รวมคำสั่ง openssl ใช้ตรวจสอบเว็บ https
แสดง certificates แสดง TLS certificate และ htps configuration คร่าวๆ
openssl s_client -showcerts -connect gitlab.com:443 -servername gitlab.com
ตย. ผลลัพท์
CONNECTED(00000005)
depth=3 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = gitlab.com
verify return:1
---
Certificate chain
0 s:/CN=gitlab.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgIQXCLSMilzZJR9TSABzbgKzzANBgkqhkiG9w0BAQsFADCB
...
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=gitlab.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 5156 bytes and written 300 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-CHACHA20-POLY1305
Session-ID: 96B46DEEF8EED88F60E72CE0E5432BA00BDAFC094EF4D6F5454AD4B6D2A6BFC9
Session-ID-ctx:
Master-Key: 642926482D060DC32B6838E7166DB9BCDD294C850DEC8EF5515686575A5175FAC8C5A8BDA005BD40DB9ED29A769DC021
TLS session ticket lifetime hint: 64800 (seconds)
TLS session ticket:
0000 - 52 91 d3 13 38 3c a1 3a-90 3f b3 e2 e1 02 99 88 R...8<.:.?......
...
00a0 - f4 56 7f 8d 3f cf 5e 38-59 eb 8e fe b3 85 a0 66 .V..?.^8Y......f
Start Time: 1624954276
Timeout : 7200 (sec)
Verify return code: 0 (ok)
แสดงวันเริ่ม และหมดอายุของ TLS certificate จาก website gitlab.com
openssl s_client -showcerts -connect gitlab.com:443 -servername gitlab.com 2> /dev/null | openssl x509 -noout -dates
notBefore=Apr 12 00:00:00 2021 GMT
notAfter=May 11 23:59:59 2022 GMT