Re: Testing "dark" SSL sites




On Tuesday, October 21, 2014 06:07:29 PM Stephen Harris wrote:
> On Tue, Oct 21, 2014 at 02:57:42PM -0700, lists@xxxxxxxxxxxxxxxxxx wrote:
> > So we have a set of unit tests written using PHPUnit, having trouble
> > validating certificates. How do you test/validate an SSL cert for a
> > prototype "foo.com" server if it's not actually active at the IP address
> > that matches DNS for foo.com?
> 
> openssl s_client -connect ip.ad.dr.ess:443
> then decode the cert
> 
> e.g.
> $ openssl s_client -connect 1.2.3.4:443 < /dev/null >| cert
> 
> Now you can use the "x509" to look at various things
> eg
> $ openssl x509 -in cert -subject -noout
> subject= /description=foobar/C=US/CN=ssl.example.com/emailAddress=foo@xxxxxxxxxxx
> 
> "man x509"

The issue is that I wouldn't consider myself qualified to make sense of this 
output. Curl noticed when an intermediate SSL cert wasn't installed correctly, 
so if possible I'd really like to use a CLI "browser" such as curl or wget. 
I've already confirmed, for example, that using openssl s_client as you mention 
above doesn't actually check the certs, just lists them. 

Thus, the recent issues with Firefox and intermediate certs would be tough to 
look for... 
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
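
Added example, not part of the original message or thread: one way to get the check asked for above from curl, which can be pinned to a specific IP with `--resolve` while still validating the chain and name for the real hostname. The function name `check_dark_site`, its return codes, and the `foo.example` / `192.0.2.10` values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate the certificate a "dark" server presents for HOST
# while HOST's public DNS does not point at it yet (IPv4 address assumed).
# Usage (placeholder values): check_dark_site foo.example 192.0.2.10 443
#
# Return codes (chosen for this example):
#   0 chain and name verified    1 TLS or certificate failure
#   2 usage error                3 could not connect / other curl error
check_dark_site() {
    host=${1:-} ip=${2:-} port=${3:-443} cafile=${4:-}
    if [ -z "$host" ] || [ -z "$ip" ]; then
        echo "usage: check_dark_site HOST IP [PORT] [CA_BUNDLE]" >&2
        return 2
    fi
    # --resolve pins HOST:PORT to IP for this request only. curl still sends
    # HOST as SNI and checks the chain and the certificate name against HOST.
    # --noproxy keeps a configured proxy from doing the name lookup instead.
    set -- --silent --show-error --output /dev/null --noproxy "*" \
           --connect-timeout 5 --max-time 15 \
           --resolve "$host:$port:$ip"
    if [ -n "$cafile" ]; then
        # Trust a private or test CA instead of the system store.
        set -- "$@" --cacert "$cafile"
    fi
    rc=0
    curl "$@" "https://$host:$port/" || rc=$?
    case $rc in
        0)  echo "OK: $host verified at $ip:$port"
            return 0 ;;
        35|51|60)
            # 35 = handshake error, 51 = name mismatch, 60 = untrusted chain
            echo "FAIL: TLS/certificate problem (curl exit $rc)" >&2
            # Diagnostic only: count the certificates the server sent.
            # A count of 1 means only the leaf was sent, with no intermediates.
            sent=$(openssl s_client -connect "$ip:$port" -servername "$host" \
                       -showcerts </dev/null 2>/dev/null |
                   grep -c 'BEGIN CERTIFICATE' || true)
            echo "server sent ${sent:-0} certificate(s)" >&2
            return 1 ;;
        *)  echo "ERROR: could not complete the check (curl exit $rc)" >&2
            return 3 ;;
    esac
}

# Run directly when the script is given arguments.
if [ "$#" -gt 0 ]; then
    check_dark_site "$@"
fi
```

In a PHPUnit suite the same effect is available through PHP's curl extension with `CURLOPT_RESOLVE`, leaving `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` at their verifying settings.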



