Testing my SSL configuration

Many ways to do this, we'll present a couple:

On-line check

You can check your websites configuration with on-line certificate checker.

OpenSSL command line tool

Use the openssl built in client to do so, this command will connect to an SSL server and display the certificate chain, you can copy parts of the output to a PEM file and further inspect them with the verify openssl command. 

$ openssl s_client -connect mysite.com:443 -showcerts

Here is a typical output, with the certificate chain displayed: 

CONNECTED(00000003)
            depth=1 O = CA, OU = "CA", OU = CA, OU = CA
            verify error:num=20:unable to get local issuer certificate
            verify return:0
            ---
            Certificate chain
             0 s:/C=US/ST=California/L=Palo Alto/O=mysite/CN=mysite.com
               i:/O=CA/OU=CA/OU=CA/OU=CA
            -----BEGIN CERTIFICATE-----
            MIIDnzCCAwigAwIBAgIQCSGX4cDpzQPaNSQ2VhCGgTANBgkqhkiG9w0BAQUFADCB
            ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy
            aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
            A .... MANY LINES LIKE THAT .... .... MANY LINES LIKE THAT .... 
            gjRaROuWGxfY25KebCQpoBW2PJp3S1JmqHHyxjk4mzr+tzWK0Qn+tlBUy9igtkIh
            VybjO+AxBZve1qyJIsVraz8wrw==
            -----END CERTIFICATE-----
             1 s:/O=CA/OU=CA/OU=CA/OU=CA
               i:/C=US/O=CA/OU=Class 3 Public Primary Certification Authority
            -----BEGIN CERTIFICATE-----
            MIIDgzCCAuygAwIBAgIQRvzrurTQLw+SYJgjP5MHjzANBgkqhkiG9w0BAQUFADBf
            MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
            LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
            A .... MANY LINES LIKE THAT .... .... MANY LINES LIKE THAT .... 
            OfamggNlEcS8vy2m9dk7CrWY+rN4uR7yK0xi1f2yeh3fM/1z+aXYLYwq6tH8sCi2
            6UlIE0uDihtIeyT3ON5vQVS4q1drBt/HotSp9vE2YoCI8ot11oBx
            -----END CERTIFICATE-----
            ---
            Server certificate
            subject=/C=US/ST=California/L=Palo Alto/O=mysite/CN=mysite.com
            issuer=/O=CA/OU=CA/OU=CA/OU=CA
            ---
            No client certificate CA names sent
            ---
            SSL handshake has read 2007 bytes and written 343 bytes
            ---
            New, TLSv1/SSLv3, Cipher is RC4-MD5
            Server public key is 1024 bit
            Secure Renegotiation IS NOT supported
            Compression: NONE
            Expansion: NONE
            SSL-Session:
                Protocol  : SSLv3
                Cipher    : RC4-MD5
                Session-ID: 244BE....793
                Session-ID-ctx: 
                Master-Key: 18674D2....7DF2DE
                Key-Arg   : None
                PSK identity: None
                PSK identity hint: None
                Start Time: 1325335498
                Timeout   : 7200 (sec)
                Verify return code: 20 (unable to get local issuer certificate)
            ---

Browser

Well, you can open the site with your browser! When it loads, click on the padlock sign and look for a "view certificates" button. This method is not recommended as some browsers will not show all certificates sent by the server and some will show the bundled certificates as if they were sent from the server.

ABOUT ME

Hi! My name is Gareth. A tech geek, who indulge my readers with clear, well-researched, up-to-date, and simple articles that express my opinion about various gadgets.
AFFILIATE DISCLOSURE
Some posts may contain affiliate links. GeekLah.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

RECENT ARTICLES

Best Thermal Imaging Camera
Best Wireless Surround Sound System
Best Arduino Starter Kit
Best Laser Measure

2018 ©GeekLah.com - All Rights Reserved

DMCA.com Protection Status