how-to_‎ > ‎SSL_‎ > ‎

How to view and download and verify server SSL/TLS certificate and connection

posted May 3, 2011, 7:40 AM by Daniele Albrizio   [ updated May 22, 2017, 6:12 AM ]
$ openssl s_client -connect host:port

Famous "over SSL" protocols table

 Protocol   Port
 https 443/tcp
 nntps 563/tcp
 ldaps 636/tcp
 ftps-data 989/tcp
 telnets 992/tcp
 imaps 993/tcp
 ircs 994/tcp
 pop3s 995/tcp
 ssmtp 465/tcp

To verify connection parameters you need at least to specify a CA certificate, at most a client secret key and public certificate.

$ openssl s_client -CAfile /etc/ssl/certs/AddTrust_External_Root.pem -connect host:443

$ openssl s_client -CAfile /etc/ssl/certs/AddTrust_External_Root.pem -cert /my/ -key /my/key.priv -connect host:443

Successful connection ends with:
Verify return code: 0 (ok)