On Tuesday, October 21, 2014 06:07:29 PM Stephen Harris wrote:
> On Tue, Oct 21, 2014 at 02:57:42PM -0700, lists at benjamindsmith.com wrote:
> > So we have a set of unit tests written using PHPUnit, having trouble
> > validating certificates. How do you test/validate an SSL cert for a
> > prototype "foo.com" server if it's not actually active at the IP address
> > that matches DNS for foo.com?
>
> openssl s_client -connect ip.ad.dr.ess:443
> then decode the cert
>
> e.g.
> $ openssl s_client -connect 1.2.3.4:443 < /dev/null >| cert
>
> Now you can use the "x509" to look at various things
> eg
> $ openssl x509 -in cert -subject -noout
> subject=
> /description=foobar/C=US/CN=ssl.example.com/emailAddress=foo at example.com
>
> "man x509"

The issue is that I wouldn't consider myself qualified to make sense of this
output. Curl noticed when an intermediate SSL cert wasn't installed correctly,
so if possible I'd really like to use a CLI "browser" such as curl or wget.

I've already confirmed, for example, that using openssl s_client as you mention
above doesn't actually check the certs, just lists them. Thus, the recent issues
with Firefox and intermediate certs would be tough to look for....
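
As an added example (not part of the thread and not from either poster): a Python check that connects to the prototype server's IP address while validating the certificate chain and hostname for the real name, so DNS never has to point at it and a missing intermediate shows up as a verification failure. The function names, the result dictionary and the sample address are assumptions made here.

```python
import socket
import ssl


def strict_context(cafile=None):
    """Client context that verifies the chain and the hostname, as a browser would."""
    ctx = ssl.create_default_context(cafile=cafile)  # system trust store unless cafile is given
    ctx.check_hostname = True            # already the default; stated for clarity
    ctx.verify_mode = ssl.CERT_REQUIRED  # already the default; stated for clarity
    return ctx


def check_cert_at_ip(ip, hostname, port=443, timeout=10.0, cafile=None):
    """Connect to `ip` but validate the certificate as if we had reached `hostname`.

    Returns a dict: ok (bool), stage ("connect" | "handshake" | "verify" | "done"),
    detail (str). DNS for `hostname` is never consulted.
    """
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return {"ok": False, "stage": "connect", "detail": str(exc)}
    try:
        # server_hostname drives both SNI and the name check against the cert.
        with strict_context(cafile).wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
            subject = dict(rdn[0] for rdn in cert["subject"])
            detail = "CN=%s, expires %s" % (subject.get("commonName"), cert["notAfter"])
            return {"ok": True, "stage": "done", "detail": detail}
    except ssl.SSLCertVerificationError as exc:
        # Missing intermediate, untrusted root, expired cert, or name mismatch.
        return {"ok": False, "stage": "verify", "detail": exc.verify_message}
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return {"ok": False, "stage": "handshake", "detail": str(exc)}
    finally:
        raw.close()  # harmless if wrap_socket already took over the descriptor


if __name__ == "__main__":
    # Constructed sample values: 192.0.2.10 is a documentation address and foo.com is
    # the placeholder name from the thread. Replace both with the prototype server's.
    print(check_cert_at_ip("192.0.2.10", "foo.com", timeout=3))
```

A result with `stage` equal to `"verify"` carries OpenSSL's own reason in `detail`, which separates a chain problem from a name mismatch without reading the decoded certificate by hand.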