openssl s client using a proxy

Question

openssl s client -connect some https server 443 -showcerts   is a nice command to run when you want to inspect the server s certificates and its certificate chain   Is there a way to run this command when you are behind a HTTP HTTPS proxy

User · Answer

for anyone coming here as of post-May 2015  there s a new  -proxy  option that will be included in the next release of openssl  https   rt openssl org Ticket Display html id 2651 amp user guest amp pass guest

User · Answer

since openssl v1 1 0  C  openssl gt openssl version OpenSSL 1 1 0g  2 Nov 2017 C  openssl gt openssl s client -proxy 192 168 103 115 3128 -connect www google com -CAfile C  TEMP internalCA crt CONNECTED 00000088  depth 2 DC   com  DC   xxxx  CN   xxxx CA interne verify return 1 depth 1 C   FR  L   CROIX  CN   svproxysg1  emailAddress   xxxx xxxx xx verify return 1 depth 0 C   US  ST   California  L   Mountain View  O   Google Inc  CN   www google com verify return 1 --- Certificate chain  0 s  C US ST California L Mountain View O Google Inc CN www google com    i  C xxxx L xxxx CN svproxysg1 emailAddress xxxx xxxx xx  1 s  C xxxx L xxxx CN svproxysg1 emailAddress xxxx xxxx xx    i  DC com DC xxxxx CN xxxxx CA interne --- Server certificate -----BEGIN CERTIFICATE----- MIIDkTCCAnmgAwIBAgIJAIv4 hQAAAAAMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV BAYTAkZSMQ4wDAYDVQQHEwVDUk9JWDETMBEGA1UEAxMKc3Zwcm94eXNnMTEeMBwG

User · Answer

Officially not   But here s a patch  http   rt openssl org Ticket Display html id 2651 amp user guest amp pass guest

User · Answer

You can use proxytunnel   proxytunnel -p yourproxy 8080 -d www google com 443 -a 7000   and then you can do this   openssl s client -connect localhost 7000 -showcerts   Hope this can help you

User · Answer

Even with openssl v1 1 0 I had some problems passing our proxy  e g  s client  HTTP CONNECT failed  400 Bad Request  That forced me to write a minimal Java-class to show the SSL-Handshake       public static void main String   args  throws IOException  URISyntaxException       HttpHost proxy   new HttpHost  proxy my company   8080       DefaultProxyRoutePlanner routePlanner   new DefaultProxyRoutePlanner proxy       CloseableHttpClient httpclient   HttpClients custom                setRoutePlanner routePlanner               build        URI uri   new URIBuilder                setScheme  https                setHost  www myhost com                build        HttpGet httpget   new HttpGet uri       httpclient execute httpget       With following dependency        lt dependency gt           lt groupId gt org apache httpcomponents lt  groupId gt           lt artifactId gt httpclient lt  artifactId gt           lt version gt 4 5 2 lt  version gt           lt type gt jar lt  type gt       lt  dependency gt    you can run it with Java SSL Logging turned on  This should produce nice output like  trustStore provider is   init truststore adding as trusted cert    Subject  CN Equifax Secure Global eBusiness CA-1  O Equifax Secure Inc   C US   Issuer   CN Equifax Secure Global eBusiness CA-1  O Equifax Secure Inc   C US   Algorithm  RSA  Serial number  0xc3517   Valid from Mon Jun 21 06 00 00 CEST 1999 until Mon Jun 22 06 00 00 CEST 2020  adding as trusted cert    Subject  CN SecureTrust CA  O SecureTrust Corporation  C US   Issuer   CN SecureTrust CA  O SecureTrust Corporation  C US

[openssl] openssl s_client using a proxy

Examples related to openssl