OpenSSL hints

  • Ubuntu 16.04 LTS
  • OpenSSL 1.0.2g 1 Mar 2016
Download server certificate
### Show certificate
$ openssl s_client -connect host:port -showcerts
### Download certificate
$ echo | openssl s_client -connect host:port 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server.crt.pem
2-way TLS authentication test

Say we’ve downloaded the server certificate and generated a client private key and certificate. Now we want to test that everything works:

$ openssl s_client -connect hostname:port -CAfile server.crt.pem -cert client.crt.pem -key client-private.key.pem

If your private key is protected with a password, you’ll be prompted to enter the password.
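
By default s_client carries on with the handshake even when certificate verification fails, so a connection that opens is not proof that the -CAfile check passed; the "Verify return code" line is. The script below is an added example, not part of the original notes: it reads that line from a saved s_client transcript. The two transcripts are constructed and shortened, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide from an s_client transcript whether the chain verified.
# Both transcripts are constructed samples; the PEM body is a placeholder.

transcript_ok() {
cat <<'EOF'
CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
---
    Verify return code: 0 (ok)
---
EOF
}

transcript_bad() {
cat <<'EOF'
CONNECTED(00000003)
verify error:num=18:self signed certificate
---
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
---
    Verify return code: 18 (self signed certificate)
---
EOF
}

# Print the numeric code from the last "Verify return code" line on stdin.
verify_code() {
  sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | tail -n 1
}

# Succeed only if the transcript on stdin reports code 0 (chain validated).
chain_verified() {
  [ "$(verify_code)" = "0" ]
}

# Count PEM blocks, using the same markers as the sed filter above.
pem_count() {
  grep -c -e '-BEGIN CERTIFICATE-'
}

for t in transcript_ok transcript_bad; do
  if $t | chain_verified; then echo "$t: verified"; else echo "$t: NOT verified (code $($t | verify_code))"; fi
done
```

To use it on a live test, pipe the output of the s_client command above (with stdin closed and 2>&1) into chain_verified and check its exit status.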