Use openssl as an SSL client

The s_client command implements a generic SSL/TLS client.
A detailed explanation can be found at http://www.openssl.org/docs/apps/s_client.html#
The options passed to the s_client command are:
-connect host:port specifies the destination to connect to. (REQUIRED)
-cert certificate_filename specifies the client certificate file name. (OPTIONAL)
-key keyfile_name specifies the file that contains the key the s_client command should use. (OPTIONAL)
OPTIONAL means the option can be omitted when client authentication is not required.
This command puts openssl into interactive mode. Type R to force renegotiation of the session, or Q to close the open connection.
OpenSSL prints plenty of information about the SSL handshake, including the certificate the server presents, the trusted CAs and the cipher. Below is an example.
C:\ssl>openssl s_client -connect 192.168.1.200:8443 -cert C:\ssl\s_client\cert.pem -key C:\ssl\s_client\private.pem
Enter pass phrase for C:\ssl\s_client\private.pem:
Loading 'screen' into random state - done
CONNECTED(00000790)
depth=0 /C=cn/ST=sh/L=sh/O=virtual/OU=linux/CN=grass
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=cn/ST=sh/L=sh/O=virtual/OU=linux/CN=grass
verify return:1
---
Certificate chain
0 s:/C=cn/ST=sh/L=sh/O=virtual/OU=linux/CN=grass
i:/C=cn/ST=sh/L=sh/O=virtual/OU=linux/CN=grass
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
subject=/C=cn/ST=sh/L=sh/O=virtual/OU=linux/CN=grass
issuer=/C=cn/ST=sh/L=sh/O=virtual/OU=linux/CN=grass
---
Acceptable client certificate CA names
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCertClass 2 Policy Validation Authority/CN=h
ttp://www.valicert.com//emailAddress=info@valicert.com
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust CodeSigning Root
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref.(limits liab.)/OU=(c) 1999 Entrust.net Li
mited/CN=Entrust.net Secure Server Certification Authority
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUSTNetwork/OU=http://www.usertrust.com/CN=UTN - DATACorp S
GC
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUSTNetwork/OU=http://www.usertrust.com/CN=UTN-USERFirst-Ha
rdware
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999VeriSign, Inc. - For authorized use onl
y/CN=VeriSign Class 3 Public Primary Certification Authority- G3
/C=ZA/ST=Western Cape/L=Cape Town/O=ThawteConsulting/OU=Certification Services Division/CN=Thawte P
ersonal Basic CA/emailAddress=personal-basic@thawte.com
/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public PrimaryCertification Authority
/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
/C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2
/C=ZA/ST=Western Cape/L=Cape Town/O=ThawteConsulting/OU=Certification Services Division/CN=Thawte P
ersonal Freemail CA/emailAddress=personal-freemail@thawte.com
/C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1
/C=ZA/ST=Western Cape/L=Cape Town/O=ThawteConsulting/OU=Certification Services Division/CN=Thawte P
ersonal Premium CA/emailAddress=personal-premium@thawte.com
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions,Inc./CN=GTE CyberTrust Root 5
/C=US/O=VeriSign, Inc./OU=Class 1 Public PrimaryCertification Authority
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
/O=Entrust.net/OU=www.entrust.net/SSL_CPS incorp. by ref.(limits liab.)/OU=(c) 2000 Entrust.net Lim
ited/CN=Entrust.net Secure Server Certification Authority
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUSTNetwork/OU=http://www.usertrust.com/CN=UTN-USERFirst-Ob
ject
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CALimited/CN=AAA Certificate Services
/C=US/O=VeriSign, Inc./OU=Class 3 Public PrimaryCertification Authority - G2/OU=(c) 1998 VeriSign,
Inc. - For authorized use only/OU=VeriSign Trust Network
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consultingcc/OU=Certification Services Division/CN=Thawt
e Premium Server CA/emailAddress=premium-server@thawte.com
/C=US/O=RSA Data Security, Inc./OU=Secure ServerCertification Authority
/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPSincorp. by ref. limits liab./OU=(c) 1999 E
ntrust.net Limited/CN=Entrust.net Client CertificationAuthority
/O=Entrust.net/OU=www.entrust.net/GCCA_CPS incorp. by ref.(limits liab.)/OU=(c) 2000 Entrust.net Li
mited/CN=Entrust.net Client Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public PrimaryCertification Authority
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999VeriSign, Inc. - For authorized use onl
y/CN=VeriSign Class 2 Public Primary Certification Authority- G3
/C=FI/O=Sonera/CN=Sonera Class1 CA
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions,Inc./CN=GTE CyberTrust Global Root
/C=FI/O=Sonera/CN=Sonera Class2 CA
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consultingcc/OU=Certification Services Division/CN=Thawt
e Server CA/emailAddress=server-certs@thawte.com
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref.(limits liab.)/OU=(c) 1999 Entrust.net Li
mited/CN=Entrust.net Certification Authority (2048)
/C=SE/O=AddTrust AB/OU=AddTrust External TTPNetwork/CN=AddTrust External CA Root
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/C=US/O=Equifax Secure Inc./CN=Equifax Secure GlobaleBusiness CA-1
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2Certification Authority
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999VeriSign, Inc. - For authorized use onl
y/CN=VeriSign Class 1 Public Primary Certification Authority- G3
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrustQualified CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class1 CA Root
/C=US/O=VeriSign, Inc./OU=Class 2 Public PrimaryCertification Authority - G2/OU=(c) 1998 VeriSign,
Inc. - For authorized use only/OU=VeriSign Trust Network
/C=cn/ST=sh/L=sh/O=scn1266/OU=scn1266/CN=clientbrowser
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUSTNetwork/OU=http://www.usertrust.com/CN=UTN-USERFirst-Cl
ient Authentication and Email
/C=US/O=VeriSign, Inc./OU=Class 1 Public PrimaryCertification Authority - G2/OU=(c) 1998 VeriSign,
Inc. - For authorized use only/OU=VeriSign Trust Network
---
SSL handshake has read 7178 bytes and written 867 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 512 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1
Cipher    : EDH-RSA-DES-CBC3-SHA
Session-ID:45B504EAAB669E01B5E8A644A4C6FE9B05477CFC3FF266F9AF9A91982D0352C4
Session-ID-ctx:
Master-Key:432A88CB47844CD852910BC67D29E0919F366BFE3C899383212648D47B10B5B35CCF5E057D56421B5D4E
7F94105C7F62
Key-Arg   : None
Start Time: 1169478890
Timeout   : 300 (sec)
Verify return code: 18 (self signed certificate)
---
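
s_client completes the handshake even when certificate verification fails, so the result has to be read from the output. The following Python example is added here (it is not from the original page or the OpenSSL project): it parses the summary lines of a transcript like the one above and lists what a reviewer would flag. The thresholds, the protocol and cipher lists, and the function names are assumptions of this example.

```python
import re

# Constructed sample: summary lines copied from the transcript above.
SAMPLE = """\
verify error:num=18:self signed certificate
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 512 bit
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Verify return code: 18 (self signed certificate)
"""

# Policy values below are assumptions of this example, not openssl defaults.
MIN_KEY_BITS = 2048
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_TOKENS = {"DES", "RC4", "NULL", "EXP", "MD5"}

FIELDS = {
    "verify_code": r"Verify return code:\s*(\d+)\s*\((.*?)\)",
    "key_bits": r"Server public key is (\d+) bit",
    "protocol": r"^\s*Protocol\s*:\s*(\S+)",
    "cipher": r"^\s*Cipher\s*:\s*(\S+)",
}

def parse_s_client(text):
    """Extract the session summary fields from s_client output."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        if m:
            out[name] = m.groups() if len(m.groups()) > 1 else m.group(1)
    return out

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    f = parse_s_client(text)
    findings = []
    if "verify_code" not in f:
        findings.append("no verify result: handshake incomplete?")
    elif f["verify_code"][0] != "0":
        findings.append("chain not verified: %s (%s)" % f["verify_code"])
    if "key_bits" in f and int(f["key_bits"]) < MIN_KEY_BITS:
        findings.append("server key only %s bits" % f["key_bits"])
    if f.get("protocol") in OLD_PROTOCOLS:
        findings.append("obsolete protocol %s" % f["protocol"])
    cipher = f.get("cipher", "")
    if set(cipher.split("-")) & WEAK_TOKENS:
        findings.append("weak cipher %s" % cipher)
    return findings
```

Feed it the captured text of an s_client run and treat any returned finding as a reason not to trust the connection as configured.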