Thursday, July 12, 2018

Certificates : Displaying errors

Quite often, you can't connect to an SSL site because .NET will tell you that the certificate is invalid.

This openssl command shows you the certificate errors:

openssl s_client -connect company.co.nz:443|openssl x509 -text

The output looks like:

depth=2 CN = Company Root CA
verify error:num=19:self signed certificate in certificate chain
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:06:eb:c1:00:34:00:05:56:38
...

etc.

It also checks the intermediate and root CA certificate validation chain.

Enjoy!

No comments: