Note to self: SSL/TLS debug tool

I’m typing this up in English in case it turns up in someone’s Google search results. 

I wanted to check up on my TLS certificate on one of my Apache vhosts today, using the good old command:

openssl s_client -showcerts -connect your.domain.tld:port

but ended up receiving the self-signed certificate that ran on the server’s default domain. That wasn’t very useful, but I was reminded that I had seen someone mention a different tool in a blog post ranting about certificate caching lately. In an effort to avoid having to go through all the convoluted brain racking and Google searching the next time I want to find said tool, I’m leaving this note for myself here.

The tool in question is called gnutls-cli, and is part of the gnutls-utils package on Fedora or in gnutls-bin on Debian/Ubuntu. The syntax is very nice:

gnutls-cli your.domain.tld -p port

and it handles vhosts and stuff like that. It connects to port 443 by default, so the port part can usually be omitted.
