9bdf54898eef2d80e4d99c328b529d5d356e0dbb
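--- a/compute/ssl-debug.md
+++ b/compute/ssl-debug.md
@@ -2,19 +2,22 @@
 <!-- SUBTITLE: SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT? What the fuck does that mean? -->
 
 ### Read cert
-$ openssl s_client -host \<hostname> -port 443 | openssl x509 -noout -text
+$ echo | openssl s_client -host \<hostname> -port 443 | openssl x509 -noout -text
 
 ### Read cert and check
 $ echo | openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile /etc/ssl/cert.pem | openssl x509 -noout -text
 
 ### Dump cert chain
-$ openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443
+$ echo | openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443
+
+### Dump cert chain to individual files
+$ echo | openssl s_client -showcerts -servername \<hostname> -connect \<hostname>:443 | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' | awk 'BEGIN {i=0;} /BEGIN CERT/{i++} { print > "cert" i ".pem"}'
 
 ### Read CRL
 $ openssl crl -inform {DER|PEM} -noout -text -in \<crl file>
 
 ### Test connection
-$ openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile \<Root CA cert file>
+$ echo | openssl s_client -servername \<hostname> -connect \<hostname>:443 -CAfile \<Root CA cert file>
 
 ### Convert DER to PEM
 $ openssl x509 -inform DER -in cert.der -outform PEM -out cert.pem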
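Review bot: The "Test connection" command on new line 20 does not fail when the chain does not verify against `-CAfile`, because s_client by default reports the verify error and completes the handshake anyway, so the outcome has to be read from the `Verify return code` line of the output. Adding `-verify_return_error` makes the handshake abort on a verification failure: `$ echo | openssl s_client -verify_return_error -servername \<hostname> -connect \<hostname>:443 -CAfile \<Root CA cert file>`. Separately, on new line 14, `print > "cert" i ".pem"` relies on an unparenthesized concatenation after `>`, which awk implementations do not all parse the same way; `print > ("cert" i ".pem")` is the portable form. That pipeline also writes into the current directory and overwrites any existing cert1.pem, cert2.pem, …, which deserves a one-line remark under the heading.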