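Tips: Testing HTTPS Port Connectivity with OpenSSL

Introduction

OpenSSL provides a client command, s_client, that can be used to test connections to a secure server. It works at the SSL/TLS layer.

Syntax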

openssl s_client -connect host:port

Example

openssl s_client -connect xxx.xxx.xxx.xxx:443

Output:

CONNECTED(000000F0)
depth=0 C = CN, ST = XXX, L = XXX, O = XXX, OU =XXX, CN = XXX.XXX.XXX.XXX
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = XXX, L = XXX, O = XXX, OU =XXX, CN = XXX.XXX.XXX.XXX
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = CN, ST = XXX, L = XXX, O = XXX, OU =XXX, CN = XXX.XXX.XXX.XXX
verify error:num=21:unable to verify the first certificate
verify return:1
### Certificate verification information
---
Certificate chain
 0 s:/C=CN/ST=XXX/L=XXX/O=XXX/OU=IT/CN=XXX.XXX.XXX.XXX
   i:/C=CN/ST=XXX/L=XXX/O=XXX/OU=IT/CN=RootCA
### Certificate chain information: the first line (s:, the subject) acts as the certificate's title, the second line (i:, the issuer) as a subtitle
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/C=CN/ST=XXX/L=XXX/O=XXX/OU=IT/CN=XXX.XXX.XXX.XXX
issuer=/C=CN/ST=XXX/L=XXX/O=XXX/OU=IT/CN=RootCA
### Certificate details
---
No client certificate CA names sent
---
SSL handshake has read 1537 bytes and written 643 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2 ### Security protocol
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384  ### Encryption algorithm
    Session-ID: 87EE76E9959EAB2D306C7BFF7280409768B02B0958A5672706CAA6451FBDE947
    Session-ID-ctx:
    Master-Key: 146398DACE2EAC5810A98AA3DC5C27387D95B317BE51CCD2AEDC505965FD181262EFE2EF62245A4F35041AF3C229F2A9
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 60 c9 e7 40 28 40 24 33-c2 9a 51 9a e5 38 9d 88   `..@(@$3..Q..8..
    0010 - 7c 5b f3 1e ce e7 5d f4-79 a5 e4 24 77 40 dc 2c   |[....].y..$w@.,
    0020 - 59 3e f7 57 51 7f 6a 96-00 76 e5 ea 6b 83 89 0b   Y>.WQ.j..v..k...
    0030 - 3d ad 99 ce 71 53 f3 eb-c0 f8 e4 e4 c3 d4 6f 72   =...qS........or
    0040 - 0f 47 55 83 21 3d af 60-5b 8c b1 87 bb a5 2e a8   .GU.!=.`[.......
    0050 - a5 8f 9e bc 95 6c 94 d5-10 89 27 14 7e ca b2 f1   .....l....'.~...
    0060 - f4 c0 38 6b 2c 00 1c 77-2f 3d 60 b9 01 cf 87 10   ..8k,..w/=`.....
    0070 - 59 65 d4 b9 3f 87 1e 55-3c 73 a9 46 33 0d 47 91   Ye..?..U
408 Request Time-out
Your browser didn't send a complete request in time.
closed
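
The fields that matter in the output above (connection state, protocol, cipher, verify error numbers) can be pulled out with a small shell script. This is an added example, not part of the original article; the names summarize_s_client, check_tls and SAMPLE_OUTPUT are hypothetical, and the sample text is constructed in the shape of the output above.

```shell
#!/bin/sh
# Added example: condense `openssl s_client` output into four key=value lines.

# Constructed sample in the shape of the output shown above (placeholder values).
SAMPLE_OUTPUT='CONNECTED(000000F0)
depth=0 C = CN, ST = XXX, CN = example.invalid
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = XXX, CN = example.invalid
verify error:num=21:unable to verify the first certificate
verify return:1
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
'

# Read s_client output on stdin; print connection state, negotiated protocol,
# negotiated cipher and the list of certificate verify error numbers.
summarize_s_client() {
    awk '
        /^CONNECTED\(/       { connected = 1 }
        /^verify error:num=/ { split($0, f, ":"); sub(/^num=/, "", f[2])
                               errs = errs (errs ? "," : "") f[2] }
        /^ *Protocol *: /    { sub(/^ *Protocol *: */, ""); proto = $1 }
        /^ *Cipher *: /      { sub(/^ *Cipher *: */, ""); cipher = $1 }
        END {
            print "connected=" (connected ? "yes" : "no")
            print "protocol=" (proto ? proto : "unknown")
            print "cipher=" (cipher ? cipher : "unknown")
            print "verify_errors=" (errs ? errs : "none")
        }'
}

# Live check against HOST[:PORT]; stdin is redirected so s_client sees EOF.
check_tls() {  # usage: check_tls HOST [PORT]
    openssl s_client -connect "$1:${2:-443}" </dev/null 2>&1 |
        summarize_s_client
}

# Offline demonstration on the constructed sample.
printf '%s' "$SAMPLE_OUTPUT" | summarize_s_client
```

Running check_tls HOST 443 performs the live test. The </dev/null redirect makes s_client exit once the handshake is done instead of keeping an idle connection open while it waits for input.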

Keywords: openssl, https, verify, none
