The intent of this post is to show how to use the openssl s_client program to test 2-way SSL between a client and a server.
Here I am assuming you have configured your server for 2-way SSL and have generated or gathered the required certificates.
List of files required:
a) client certificate
b) client private key -> if a passphrase is used, you must know it
c) root CA public certificate -> i.e. the certificate of the CA (certificate authority) that signed the server certificate you will receive during the handshake.
Openssl s_client - 2 way ssl test
bash> openssl s_client -connect abc.com -CAfile ca.cert.pem -key client_key.pem -cert client_cert.pem -tls1_2 -state -quiet
Enter pass phrase for client_key.pem:
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = abc.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = ca.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
SSL3 alert read:warning:close notify
SSL3 alert write:warning:close notify
Note: ca.cert.pem is the root CA public certificate, while the other two files are the client certificate and the client private key, which is protected by a passphrase.
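The transcript above contains `verify error:num=18` and still runs to completion, so a finished handshake alone does not show that the server chain was trusted. As an added example (not part of the original post), the shell function below reads such a transcript and reports whether the server requested a client certificate, whether the client proved its key, and whether verification failed. The function name and return codes are this example's own, and the sample input is an excerpt of the transcript above.

```shell
#!/bin/sh
# Added example: classify an `openssl s_client -state` transcript read from stdin.
# Capture it with 2>&1, because s_client writes state and verify lines to stderr.
# Patterns are substrings of the state lines in the post's transcript.
# Return codes (this example's own convention, not OpenSSL's):
#   0 two-way handshake, server chain verified
#   1 server never asked for a client certificate (one-way TLS only)
#   2 server asked, but the client sent no CertificateVerify
#   3 two-way handshake, but the server chain failed verification
check_mtls_transcript() {
    _log=$(cat)

    if ! printf '%s\n' "$_log" | grep -q 'read server certificate request'; then
        echo "FAIL: server did not request a client certificate"
        return 1
    fi
    # A client without a certificate still writes an empty Certificate message,
    # so proof of key possession is the CertificateVerify line, not that one.
    if ! printf '%s\n' "$_log" | grep -q 'write certificate verify'; then
        echo "FAIL: client sent no CertificateVerify"
        return 2
    fi
    # s_client continues after a verify error unless -verify_return_error is given.
    _err=$(printf '%s\n' "$_log" | grep -o 'verify error:num=[0-9]*:.*' | head -n 1)
    if [ -n "$_err" ]; then
        echo "WARN: client proved its key, server chain not trusted ($_err)"
        return 3
    fi
    echo "OK: two-way handshake, server chain verified"
    return 0
}

# Sample input: excerpt of the transcript shown in the post.
POST_TRANSCRIPT='SSL_connect:SSLv3 read server hello A
verify error:num=18:self signed certificate
verify return:1
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 read finished A'

printf '%s\n' "$POST_TRANSCRIPT" | check_mtls_transcript || true
```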
Hope this helps :-)
Enjoy :-)