
OpenSSL Debugging Hints

Ladislav Slezák edited this page Feb 27, 2019 · 12 revisions

Debugging OpenSSL Issues

Here is a short list of OpenSSL debugging hints and examples. The basic check is to connect to the server and print the certificates and handshake details:

echo | openssl s_client -connect example.com:443

Dump the SSL Certificate from the Server

To dump the server certificate to a file:

echo | openssl s_client -connect example.com:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem

Use the -CAfile cert.pem option with a local certificate.

Use -servername example.com for SNI.

Display Certificate Details

openssl x509 -in cert.pem -text -noout

This displays the certificate details in a human-readable format.

Create a Self-signed Key

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes

The OpenSSL tool will ask for some input data interactively, like the organization name, your location, etc. For testing purposes it does not matter what you enter; feel free to use any values.

The only important value is the certificate subject (the Common Name prompt): you must use the server host name, otherwise the SSL verification will fail. You might even use localhost if you use the service only locally.
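
The host name rule can be checked offline, without starting a server. The script below is an added example, not part of the original wiki page: the function names are made up for illustration, and -subj passes the subject on the command line instead of the interactive prompts.

```shell
#!/bin/sh
# Added example. Needs only the openssl CLI; no network access.

# make_selfsigned HOST DIR
# Same "openssl req" call as above, with -subj replacing the interactive
# questions. Writes DIR/key.pem and DIR/cert.pem with subject CN=HOST.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$1" -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# trusted_for_host CERT HOST
# Succeeds only if CERT verifies with itself as the sole trust anchor
# (the -CAfile cert.pem case) AND the names in it cover HOST.
trusted_for_host() {
    openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

# Demo when run with a host name, e.g.: sh check.sh localhost
# "other.example" is a constructed name that the certificate does not cover.
if [ "$#" -gt 0 ]; then
    dir=$(mktemp -d) && make_selfsigned "$1" "$dir" || exit 1
    for h in "$1" other.example; do
        if trusted_for_host "$dir/cert.pem" "$h"; then
            echo "$h: verification OK"
        else
            echo "$h: verification FAILED"
        fi
    done
    rm -rf "$dir"
fi
```

A certificate created for localhost verifies for localhost and fails for any other name, even though the same file is used as the trusted certificate in both checks.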

Start Ruby SSL Server

ruby -r webrick/https -e 'WEBrick::HTTPServer.new(Port: 8000, DocumentRoot: ".", SSLEnable: true, SSLCertificate: OpenSSL::X509::Certificate.new(File.read("cert.pem")), SSLPrivateKey: OpenSSL::PKey::RSA.new(File.read("key.pem"))).start'

Start a Testing HTTPS Server

openssl s_server -key key.pem -cert cert.pem -accept 9000 -www

CURL and Custom Certificate

curl --cacert cert.pem https://localhost:9000

Use this if you want to verify the SSL connection to the server using a custom SSL certificate.