[CentOS] Testing "dark" SSL sites

Tue Oct 21 22:07:29 UTC 2014
Stephen Harris <lists at spuddy.org>

On Tue, Oct 21, 2014 at 02:57:42PM -0700, lists at benjamindsmith.com wrote:
> So we have a set of unit tests written using PHPUnit, having trouble 
> validating certificates. How do you test/validate an SSL cert for a prototype 
> "foo.com" server if it's not actually active at the IP address that matches 
> DNS for foo.com? 

openssl s_client -connect ip.ad.dr.ess:443
then decode the cert

e.g.
$ openssl s_client -connect 1.2.3.4:443 < /dev/null >| cert

Now you can use the "x509" command to look at various things,
e.g.
$ openssl x509 -in cert -subject -noout
subject= /description=foobar/C=US/CN=ssl.example.com/emailAddress=foo at example.com

"man x509"

-- 

rgds
Stephen
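
The same procedure as a script, given as an added example that is not part of the original post: it connects to the IP while sending the intended name as SNI, then checks the saved certificate against that name and its expiry. The function names are hypothetical, the sample certificate is constructed locally so the demo runs offline, and OpenSSL 1.1.1 or later is assumed.

```shell
# Added example (not from the original post); function names are hypothetical.

# fetch_cert IP PORT NAME OUTFILE
# Connect to IP:PORT, send NAME as SNI so a name-based virtual host returns
# the certificate for NAME, and save only the PEM leaf certificate to OUTFILE.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
        openssl x509 -out "$4"
}

# check_cert PEMFILE NAME [DAYS]
# Returns 0 if the certificate matches NAME and is still valid DAYS days from
# now (default 14), 1 on a hostname mismatch, 2 if it expires within DAYS.
check_cert() {
    local pem name days
    pem=$1; name=$2; days=${3:-14}
    openssl x509 -in "$pem" -noout -checkhost "$name" |
        grep -q 'does match certificate' || return 1
    openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null ||
        return 2
    return 0
}

# make_sample_cert NAME DAYS OUTFILE
# Constructed test data: a throwaway self-signed certificate for NAME.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$3.key" \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -days "$2" -out "$3" 2>/dev/null
}

# Offline demo on the constructed certificate. Against a real prototype the
# certificate would come from: fetch_cert 1.2.3.4 443 foo.com cert.pem
demo() {
    local dir
    dir=$(mktemp -d)
    make_sample_cert foo.com 30 "$dir/cert.pem"
    check_cert "$dir/cert.pem" foo.com    && echo "foo.com: ok"
    check_cert "$dir/cert.pem" bar.com    || echo "bar.com: rejected (rc=$?)"
    check_cert "$dir/cert.pem" foo.com 60 || echo "foo.com: expires within 60 days (rc=$?)"
    rm -rf "$dir"
}
demo
```

check_cert only inspects the leaf certificate; it does not verify the chain of trust to a CA.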