About OpenSSL-related commands
A memo to myself. I will add to it as needed.
Checking from outside
Note: this is sample output. The CN has been rewritten.
$ openssl s_client -connect www.example.info:443 -showcerts
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
verify return:1
depth=0 CN = www.example.info
verify return:1
---
Certificate chain
 0 s:/CN=www.example.info
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
-----BEGIN CERTIFICATE-----
(omitted)
-----END CERTIFICATE-----
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
-----BEGIN CERTIFICATE-----
(omitted)
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=www.example.info
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2848 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : (omitted)
    Session-ID: (omitted)
    Session-ID-ctx:
    Master-Key: (omitted)
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    (omitted)
    Start Time: 1446600549
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
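If the Verify return code is 0, it is OK. If it is something like 20 or 21, there is a problem with the configuration, the intermediate certificates, or similar.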
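The check described above can be scripted. The following is an added example, not part of the original memo: it reads saved s_client output, extracts the Verify return code, and counts how many certificates the server sent. The function names are hypothetical and both sample outputs are constructed (the first is trimmed from the output shown above).

```shell
#!/bin/sh
# Print the number from the last "Verify return code: N (text)" line on stdin.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1
}
# Count the certificates the server sent (" 0 s:", " 1 s:", ... lines).
chain_length() {
    grep -c '^ *[0-9][0-9]* s:' || true
}
# Summarize: 0 is OK; 20 or 21 points at the chain (intermediate certificates).
triage() {
    out=$(cat)
    code=$(printf '%s\n' "$out" | verify_code)
    sent=$(printf '%s\n' "$out" | chain_length)
    case "$code" in
        0)     echo "ok: chain verified, server sent $sent certificate(s)" ;;
        20|21) echo "chain problem (code $code): server sent $sent certificate(s); check intermediate certificates" ;;
        '')    echo "no verify result found" ;;
        *)     echo "verify failed (code $code)" ;;
    esac
}
# Constructed sample: healthy server, leaf plus intermediate sent.
sample_ok() {
cat <<'EOF'
depth=0 CN = www.example.info
verify return:1
Certificate chain
 0 s:/CN=www.example.info
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    Verify return code: 0 (ok)
EOF
}
# Constructed sample: server sends only the leaf, intermediate not configured.
sample_missing_intermediate() {
cat <<'EOF'
Certificate chain
 0 s:/CN=www.example.info
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
    Verify return code: 21 (unable to verify the first certificate)
EOF
}
sample_ok | triage
sample_missing_intermediate | triage
```

Against a live host, pipe the real command into it: `openssl s_client -connect www.example.info:443 -showcerts </dev/null 2>/dev/null | triage`.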