Handy HTTPS check with openssl
You know SSL is the murkiest IT market out their. It's jargon laden. The technologies are obfuscated. The very goal of the industry, security, tends toward limiting knowledge.
If you've played with intermmediate certificate authorities (like godaddy), then you probably know some of the pain of configuring certs for different applications. You usually test with your browser and are frustrated with continual "Invalid Certificate" prompts. Here's a command line way to check your SSL negotiation for HTTPS (or an SSL over TCP).
echo GET | openssl s_client -connect www.google.com:443 -state
This sends and HTTP GET request to www.google.com on TCP port 443. The output helps you analyze the certificate chain and certificate contents. The output looks like this.
CONNECTED(00000003) --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIDITCCAoqgAwIBAgIQPI06ZO4Y3RtzC6GS7viYGzANBgkqhkiG9w0BAQUFADBM MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wODA1MDIxNzAyNTVaFw0w OTA1MDIxNzAyNTVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcw FQYDVQQDEw53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAmxntXaVWr0lm23n9whx4Tk8RpYqs4pTu4+JLwAMlp5nMZeHslK6u8KeZvBDX 7YcwR81Q+a/T0/QLjUeKLuLOU5uRmX8eXPkb1umTZ+NK+M/EjAxo0ZdURw4KJDCn gpSu3q4/v7oUxviykI42reHQvhaas15yOEnadKE//9KHge0CAwEAAaOB5zCB5DAo BgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATA2BgNVHR8E LzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlU0dDQ0EuY3Js MHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AudGhhd3Rl LmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3dGUuY29tL3JlcG9zaXRv cnkvVGhhd3RlX1NHQ19DQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUF AAOBgQAxCmyinulUGRZomZHWQ8trtMxszLD78e6BvwArb1ASxq8CKjbBKN7FTFYg bfU9QrkYgSCy3Vdd674yhFBFUW7N5C4qOIifUu0o//yNV7WtZK5NDg7ZPay4/mZM FY9EUvp8PATtfzdhBP7V6bmwnv6lEWnJY9ZGgW8A2HIvgjdEwQ== -----END CERTIFICATE----- subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA --- No client certificate CA names sent --- SSL handshake has read 1765 bytes and written 328 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: FA90A39B0BD274C71247A40506D5BBA3B1107CB1C5FE7C246B0354D703ED405B Session-ID-ctx: Master-Key: 04DC328CB4B2D392FE9FFC5B85015311456C5EF6412F9A47BBFBB4D6E38B9721 51080984DD8A6E52872AE5E773C149E1 Key-Arg : None Krb5 Principal: None Start Time: 1216690549 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) ---