Copy $ openssl s_client -state -msg -connect domain.com:443
Copy $ openssl s_client -state \
-debug \
-connect domain.com:443 \
-cert domain.com-server.crt \
-key domain.com-server.key \
Copy $ curl -vvv \
[--cacert server.crt \]
https://domain.com:443/artifactory
Copy $ openssl req -noout -text -in server.csr
Copy // SSLPoke.java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;
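/**
 * Establishes a TLS connection to a host and port, writes one byte and prints
 * any response bytes that are immediately available. See
 * http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
 *
 * <p>The socket comes from the JVM's default {@link SSLSocketFactory}, so the
 * server's certificate chain is validated against the JVM's default trust
 * store (or the one selected with the {@code javax.net.ssl.trustStore} system
 * property). A "Successfully connected" result therefore means that this JVM
 * trusts the chain and that the certificate matches the requested host name.
 * It says nothing about other clients or other trust stores.
 *
 * <p>Exit status is 1 on a usage error or on any connection or handshake
 * failure; the failure's stack trace is printed to standard error.
 */
public class SSLPoke {
    /**
     * Runs the connectivity check.
     *
     * @param args exactly two elements: the host name and the TCP port
     */
    public static void main(String[] args) {
        if (args.length != 2) {
            System.out.println("Usage: " + SSLPoke.class.getName() + " <host> <port>");
            System.exit(1);
        }

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

        // try-with-resources closes the socket on success and on failure alike.
        try (SSLSocket socket =
                (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]))) {
            // Start from the socket's own parameters so its default protocol and
            // cipher settings are kept; only host name verification is added.
            SSLParameters params = socket.getSSLParameters();
            // Without an endpoint identification algorithm a bare SSLSocket
            // validates the chain but does not check that the certificate was
            // issued for this host.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);

            // Handshake explicitly so trust and host name failures surface here,
            // not as a side effect of the first write.
            socket.startHandshake();

            InputStream in = socket.getInputStream();
            OutputStream out = socket.getOutputStream();

            // Write a test byte to get a reaction :)
            out.write(1);

            // Best effort: available() only reports bytes already buffered, so
            // this loop frequently prints nothing.
            while (in.available() > 0) {
                System.out.print(in.read());
            }
            System.out.println("Successfully connected");
        } catch (Exception exception) {
            // Diagnostic tool: the full trace (for example an SSLHandshakeException
            // and its cause) is the useful output.
            exception.printStackTrace();
            System.exit(1);
        }
    }
}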
Copy # compile
$ javac InstallCert.java
Copy $ openssl s_client -showcerts -connect <domain.com>:<port>
- or specify the acceptable ciphers for the SSL handshake
```bash
$ openssl s_client -showcerts \
-cipher DHE-RSA-AES256-SHA \
-connect <domain.com>:<port>
Copy $ echo | openssl s_client -showcerts \
-servername www.domain.com \
-connect <domain.com>:<port> 2>/dev/null |
openssl x509 -inform pem -noout -text
Copy $ curl -vvI https://www.domain.com
Copy $ keytool -printcert -sslserver <domain.com>:<port>
# or
$ keytool -printcert -rfc -sslserver <domain.com>:<port>
Copy $ nmap -p 443 --script ssl-cert www.domain.com [-v]