daho's blog

The only wisdom is knowing that you know nothings.

รวมคำสั่ง openssl ใช้ตรวจสอบ https เว็บไซต์

Posted on
thumbnail

รวมคำสั่ง openssl ใช้ตรวจสอบเว็บ https

แสดง certificates แสดง TLS certificate และ htps configuration คร่าวๆ

openssl s_client -showcerts -connect gitlab.com:443 -servername gitlab.com

ตย. ผลลัพท์

CONNECTED(00000005)
depth=3 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = gitlab.com
verify return:1
---
Certificate chain
 0 s:/CN=gitlab.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgIQXCLSMilzZJR9TSABzbgKzzANBgkqhkiG9w0BAQsFADCB
...
zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA
vGp4z7h/jnZymQyd/teRCBaho1+V
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=gitlab.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 5156 bytes and written 300 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: 96B46DEEF8EED88F60E72CE0E5432BA00BDAFC094EF4D6F5454AD4B6D2A6BFC9
    Session-ID-ctx:
    Master-Key: 642926482D060DC32B6838E7166DB9BCDD294C850DEC8EF5515686575A5175FAC8C5A8BDA005BD40DB9ED29A769DC021
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - 52 91 d3 13 38 3c a1 3a-90 3f b3 e2 e1 02 99 88   R...8<.:.?......
...
    00a0 - f4 56 7f 8d 3f cf 5e 38-59 eb 8e fe b3 85 a0 66   .V..?.^8Y......f

    Start Time: 1624954276
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

แสดงวันเริ่ม และหมดอายุของ TLS certificate จาก website gitlab.com

openssl s_client -showcerts -connect gitlab.com:443 -servername gitlab.com 2> /dev/null |  openssl x509 -noout  -dates

notBefore=Apr 12 00:00:00 2021 GMT
notAfter=May 11 23:59:59 2022 GMT