On Tuesday, October 21, 2014 06:07:29 PM Stephen Harris wrote:
On Tue, Oct 21, 2014 at 02:57:42PM -0700, lists@benjamindsmith.com wrote:
So we have a set of unit tests written using PHPUnit, having trouble validating certificates. How do you test/validate an SSL cert for a prototype "foo.com" server if it's not actually active at the IP address that matches DNS for foo.com?
openssl s_client -connect ip.ad.dr.ess:443
then decode the cert
e.g.
  $ openssl s_client -connect 1.2.3.4:443 < /dev/null >| cert
Now you can use the "x509" to look at various things, e.g.
  $ openssl x509 -in cert -subject -noout
  subject= /description=foobar/C=US/CN=ssl.example.com/emailAddress=foo@example.com
"man x509"
The issue is that I wouldn't consider myself qualified to make sense of this output. Curl noticed when an intermediate SSL cert wasn't installed correctly, so if possible I'd really like to use a CLI "browser" such as curl or wget. I've already confirmed, for example, that using openssl s_client as you mention above doesn't actually check the certs, just lists them.
Thus, the recent issues with Firefox and intermediate certs would be tough to look for....
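An added example, not part of the original thread: one way to actually verify what `openssl s_client` saved (chain to a trusted CA, hostname match, missing intermediates) instead of only listing it. The helper names `verify_served_chain` and `make_demo_chain`, the file layout and the constructed demo chain are assumptions; real input comes from the s_client command above with `-servername foo.com -showcerts` added.

```sh
#!/bin/sh
# Added example. Helper names and file layout are hypothetical.

# verify_served_chain SAVED_OUTPUT HOSTNAME CA_FILE
# SAVED_OUTPUT: text saved from `openssl s_client ... -showcerts`.
# The first PEM block is the server cert; later blocks are the
# intermediates the server sent. Returns 0 only if the chain builds
# to CA_FILE and the cert is valid for HOSTNAME.
verify_served_chain() {
    tmp=$(mktemp -d) || return 2
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = d (n == 1 ? "/leaf.pem" : "/chain.pem") }
        out != "" { print >> out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
    [ -s "$tmp/leaf.pem" ] || { rm -rf "$tmp"; return 2; }
    set -- -CAfile "$3" -verify_hostname "$2"
    # Pass -untrusted only if the server sent intermediates.
    [ -s "$tmp/chain.pem" ] && set -- "$@" -untrusted "$tmp/chain.pem"
    rc=0
    openssl verify "$@" "$tmp/leaf.pem" >/dev/null 2>&1 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# make_demo_chain DIR: constructed test data only (root -> inter -> leaf
# with SAN foo.com), so the check above can be exercised offline.
make_demo_chain() {
    dir=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$dir/ca.ext"
    printf 'subjectAltName=DNS:foo.com\n' > "$dir/leaf.ext"
    for n in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo $n" \
            -keyout "$dir/$n.key" -out "$dir/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 2 \
        -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/inter.csr" -CA "$dir/root.pem" \
        -CAkey "$dir/root.key" -set_serial 2 -days 2 \
        -extfile "$dir/ca.ext" -out "$dir/inter.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/inter.pem" \
        -CAkey "$dir/inter.key" -set_serial 3 -days 2 \
        -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" 2>/dev/null
}
```

For the live check with a CLI client, curl's `--resolve foo.com:443:1.2.3.4` pins the name to the prototype's address without touching DNS, so `https://foo.com/` is validated against the certificate that host serves.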