You are here: Home / Software / OpenSSL commandline

OpenSSL commandline¶

In the good old days, the internet was a nice playground. Everything on the wire was plain text. A simple wirecapture was enough to understand the protocol. Debugging involved using telnet.

To check what a webserver return

echo -e "GET / HTTP/1.1\nhost:www.example.com\n\n" |\
nc physical.example.com 80

Then came the encryption, which makes a lot of sense. But testing any service becomes a bit more complicated. Luckily openssl comes with a nice commandline tool: openssl.

openssl s_client -connect www.example.com:443

To make the same example as before, you can’t simply replace the echo. openssl will terminate the connection as soon as the EOF ist sent via stdin. That is before the response is retrieved. So we make the echo in a subshell and add a sleep

(echo -e "GET / HTTP/1.1\nhost:www.example.com\n\n"; sleep 5) |\
openssl s_client -connect physical.example.com:443

Another nice thing is the check of certifcates. For example expiration date.

echo ""  |\
openssl s_client -connect www.example.com:443 |\
  openssl x509 -noout -enddate

Here the immediate termination by openssl is fine, we already got the cert.