How To Check HTTPS Connection with OpenSSL

OpenSSL OpenSSL

Before I forget about this little addition, I want to write a follow up to the Check SSL Connection with OpenSSL – specifically, show you how to check HTTPS connection to a typical website.

I have migrated UnixTutorial.RU to Jekyll CMS and wanted to make sure it has a proper certificate generated by hosting platform of Netlify.

The only difference from previous SSL connection check with OpenSSL example is that we use standard HTTPS port – 443 – for connection:

[email protected]:~ $ openssl s_client -connect www.unixtutorial.ru:443
 CONNECTED(00000005)
 depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
 verify return:1
 depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
 verify return:1
 depth=0 C = US, ST = ca, L = San Francisco, O = "Netlify, Inc", CN = *.netlify.com
 verify return:1
 Certificate chain
  0 s:/C=US/ST=ca/L=San Francisco/O=Netlify, Inc/CN=*.netlify.com
    i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
  1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
 Server certificate
 -----BEGIN CERTIFICATE-----
 MIIGIzCCBQugAwIBAgIQC1W/C9syOFclqIEumW8/STANBgkqhkiG9w0BAQsFADBN
 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
 aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTkwNzAzMDAwMDAwWhcN
 MjAwNzA3MTIwMDAwWjBhMQswCQYDVQQGEwJVUzELMAkGA1UECBMCY2ExFjAUBgNV
 BAcTDVNhbiBGcmFuY2lzY28xFTATBgNVBAoTDE5ldGxpZnksIEluYzEWMBQGA1UE
 AwwNKi5uZXRsaWZ5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
 AOwJHctI1oxqg0wlz9CZYvbhlVZ6sB0COANCfC9qIjTUpw+TxVnG9/tuRDNkfXes
 f7nvjmPlZcfQQKgpmGahX5ndFZmXvCXGMtvO5ZWnqzfv0mxkzTQb6RdDMtPA9Xn/
 LvzaFRlxVpeg6xGMweUpLDTJAJWkcMnGAR2mNUc6nuQgteQsg/7I6YpspYZKasR/
 2xDj5FasQf2+9HqbJgdSSzQKF46VXL2QRBK5UF1lFeBFWMAiUk42Su+YZy/w5pVF
 jlHaVVE42/uG1dyudWAaT65AIIT91eK7GghHv5ppuMZUUmEMV0FUdktMXECqClrt
 kknMNie30oRFj1ADXJGGHd0CAwEAAaOCAukwggLlMB8GA1UdIwQYMBaAFA+AYRyC
 MWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBSJl47dfzdwOfakpcJRog3jMU/JUzAl
 BgNVHREEHjAcgg0qLm5ldGxpZnkuY29tggtuZXRsaWZ5LmNvbTAOBgNVHQ8BAf8E
 BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIw
 L6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3Js
 MC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNy
 bDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczov
 L3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4w
 JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcw
 AoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3Vy
 ZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBAYKKwYBBAHWeQIEAgSB9QSB
 8gDwAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFruE2Z1AAA
 BAMARjBEAiBaMAQ2lhU9A/zF2waHg1jyKezSioWSrngikJo9ur9sTgIgSJlL/lpv
 paD9QVDLMjZi3GCE6uIIIJbb0GM3hliV+MsAdwCHdb/nWXz4jEOZX73zbv9WjUdW
 Nv9KtWDBtOr/XqCDDwAAAWu4TZogAAAEAwBIMEYCIQCNuzKN42qTaCdQvNu5P2b1
 Nr/bTj37qaPUfP9iiTLNRgIhALHf05TguQDpldNVWwI5HZjJXybMS4M1XwBhBe2j
 voCgMA0GCSqGSIb3DQEBCwUAA4IBAQA7Va9atxzWXysR5FtM0kDftriiBWvFfD1I
 e1zMJ40ZvUHh7+St+YB2okv0SqrUsJchQ2mQsvyyX3bKn1d7bmfSBSFdeAeE8haK
 hCFcf4RFsgm76X2rECIr8qZeCuUguaAFEATN82FWYfPpdCH7k30OIjC4xXpz9XPz
 ZlIn5tB7pkfDfc9LJ1h68hFsdu1hP8nOKUQnVuEUCvz9raikjg3J1Mz3kiDx7W8l
 UEnuc4q2odt6E4jeGcu0pbc/2v5cmc4JTTJlvVD7qk2Q7Y9v39vRCT0LK/JSY+8x
 kZAJNiddue8vgageQpXojzNT8NN7INbdepRjp4wlAGc8ieDgTfEU
 -----END CERTIFICATE-----
 subject=/C=US/ST=ca/L=San Francisco/O=Netlify, Inc/CN=*.netlify.com
 issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
 No client certificate CA names sent
 Server Temp Key: ECDH, X25519, 253 bits
 SSL handshake has read 3407 bytes and written 289 bytes
 New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
 Server public key is 2048 bit
 Secure Renegotiation IS supported
 Compression: NONE
 Expansion: NONE
 No ALPN negotiated
 SSL-Session:
     Protocol  : TLSv1.2
     Cipher    : ECDHE-RSA-AES128-GCM-SHA256
     Session-ID: DA5D473C1896A1F1A2714F88E3D6AA70D3B3E90B1F15AECDC20F2AB1B0A89FFF
     Session-ID-ctx:
     Master-Key: 862C7889A4F0A1C44E165D592F004D11C7A5E3AAEE6B897F32DB4789683988656920A5D2CCF8326477408F85DC9F299B
     TLS session ticket lifetime hint: 7200 (seconds)
     TLS session ticket:
     0000 - a7 ec 5a e8 a3 3d 35 21-68 b9 2a 9c 5c f0 5e f2   ..Z..=5!h...^.     0010 - d3 dd de 9f d8 d8 f1 6c-fc 8c 77 5d ba 40 fd 24   …….l..w][email protected]$     0020 - 58 05 da d8 df 9f eb e0-41 6c 2c 0d 6c 51 ca 1e   X…….Al,.lQ..     0030 - ae db 9d ac 72 aa fa d2-2e 70 08 e6 0f bb a7 45   ….r….p…..E     0040 - 4d d2 d4 bb 62 84 81 b5-d5 9b 8d 7e a6 2a 30 80   M…b……~.0.
     0050 - af b2 4b 8f 41 eb a0 98-b8 92 59 90 a8 dd 67 7d   ..K.A…..Y…g}
     0060 - 89 ff 61 eb 37 a1 d8 e6-f8 05 ea d4 de 04 46 24   ..a.7………F$
     0070 - 69 fc a9 6a ad 94 02 c4-11 19 d4 c6 d4 03 3b 33   i..j……….;3
     0080 - 24 2b 30 d2 af f3 86 3e-ec 4b f7 c4 87 9a b2 24   $+0….>.K…..$
     0090 - 08 cb e4 83 75 35 1e 34-30 9a 82 75 92 e9 42 d7   ….u5.40..u..B.
     00a0 - 03 ab 09 1b a2 fe 7f 8d-9c cb 55 a7 a5 99 03 42   ……….U….B
     00b0 - 30 00 d2 80 64 d9 cb 5b-fa 56 af fc 66 65 06 19   0…d..[.V..fe..
 Start Time: 1584575518 Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
 ^C

See Also

  • curl vs wget
  • test SSL with OpenSSL
  • Cloudflare Crypto Week
  • Test TCP connectivity with curl
  • Migrate to Jekyll from WordPress
  • Jekyll 4 – install in macOS



Keep Learning with Me

Follow me on Facebook and Twitter or jump into Telegram chat!:
Recommended Software
I use Brave browser, it's awesome: Brave Browser I'm also a fan of SetApp for macOS: SetApp for macOS
IT Consultancy
I'm a principal consultant with Tech Stack Solutions. I help with cloud architectrure, AWS deployments and automated management of Unix/Linux infrastructure. Get in touch!

Recent Tweets