On Tuesday, October 21, 2014 06:07:29 PM Stephen Harris wrote:
> On Tue, Oct 21, 2014 at 02:57:42PM -0700, lists@xxxxxxxxxxxxxxxxxx wrote:
> > So we have a set of unit tests written using PHPUnit, having trouble
> > validating certificates. How do you test/validate an SSL cert for a
> > prototype "foo.com" server if it's not actually active at the IP address
> > that matches DNS for foo.com?
>
> openssl s_client -connect ip.ad.dr.ess:443
> then decode the cert
>
> e.g.
> $ openssl s_client -connect 1.2.3.4:443 < /dev/null >| cert
>
> Now you can use the "x509" to look at various things
> eg
> $ openssl x509 -in cert -subject -noout
> subject=
> /description=foobar/C=US/CN=ssl.example.com/emailAddress=foo@xxxxxxxxxxx
>
> "man x509"
The issue is that I wouldn't consider myself qualified to make sense of this
output. Curl noticed when an intermediate SSL cert wasn't installed correctly,
so if possible I'd really like to use a CLI "browser" such as curl or wget.
I've already confirmed for example, that using openssl s_client as you mention
above doesn't actually check the certs, just lists them.
Thus, the recent issues with firefox and intermediate certs would be tough to
look for....
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
