Debugging SSL Connections

Submitted by Bill St. Clair on Wed, 25 Jun 2008 00:24:59 GMT <== Webmaster stuff ==>

I've had a little trouble with the SSL certificate for this site and for some sites for which I do technical maintenance. I wrote up a little about that in Intermediate SSL Certificates. Well, I asked my web hosting provider to install the intermediate certificates for another web site that is also using a GoDaddy certificate. They said that they had done it, but I was still getting warnings in Safari, on both my Mac and my iPhone. So I did some Googling, and found some simple Java code that I could modify, and enable debugging while running, to show the SSL handshake during a connection to a web site.

I have uploaded that code as billstclair.com/blog/images/ssltest.zip. The zip file decompresses into the "ssltest" directory, containing the following files:

ssltest	a bash script to run the java program
ssltest.class	the compiled version of the Java program
ssltest.java	the source code for the Java program
ssltest.zip.sh	a bash script to create ssltest.zip

You're certainly welcome to look at the Java source, and change it to your liking, but to use the program, you just need to cd to the ssltest directory in your shell, and type the following:

./ssltest billstclair.com

Or change "billstclair.com" to your favorite SSL-enabled web site. It prints quite a bit of stuff, but the most interesting to me were the lines beginning with "chain [", which show the certificate and the intermediate certificates, if any.

I didn't include an ssltest.bat file for Windows, because I have no way to test it, but it should be pretty obvious how to convert the bash script into a Windows batch file.

Enjoy!

Add comment Edit post Add post

Comments (1):

Simpler SSL debugging

Submitted by Bill St. Clair on Thu, 26 Jun 2008 09:39:17 GMT

I found an easier way to debug SSL connections, at least the certificate chain part, if you have openssl installed on your system, which most Linux systems, and the Macintosh, do.

Debugging SSL Connections recommends using the openssl s_client command. They also talk about ssldump, but that's not on my system, so I haven't tried it.

The following command connects to billstclair.com with SSL, and prints the certificate chain and some other information about the connection. You can then send HTTP commands (e.g. "GET /\n\n"), to fetch a page, or just type Ctrl-D (EOF).

openssl s_client -connect billstclair.com:443 -showcerts

The Java version is much more verbose, though.

Edit comment

Add comment Edit post Add post

Previous Posts:
My Friends...
George Carlin RIP
PricedInGold.com
Intermediate SSL Certificates
Ares: A Sneak Peek--Part One
Lindsey Williams' Life Threatened by Tycoon for Speaking Out About the Non-Energy Crisis
Little Brother
Ron Paul's Campaign for Liberty
Ron Paul Drops Presidential Bid
An Open Letter to the Gun Control Crowd

Navigation

History

Quotes

Government doesn't work. Never did. Never will. Can't. But there are lots of good people. Love them.

-- Bill St. Clair

The Atlanta Declaration

Every man, woman, and responsible child has an unalienable individual, civil, Constitutional, and human right to obtain, own, and carry, openly or concealed, any weapon -- rifle, shotgun, handgun, machinegun, anything -- any time, any place, without asking anyone's permission.

-- L. Neil Smith

Reread that pesky first clause of the Second Amendment. It doesn't say what any of us thought it said. What it says is that infringing the right of the people to keep and bear arms is treason. What else do you call an act that endangers "the security of a free state"? And if it's treason, then it's punishable by death. I suggest due process, speedy trials, and public hangings.

-- L. Neil Smith

A Penalty Clause for the Bill of Rights

Any official, appointed or elected, at any level of government, who attempts, through legislative act or other means, to nullify, evade, or avoid the provisions of the first ten amendments to this Constitution, or of the Thirteenth Amendment, shall be summarily removed from office, and, upon conviction, deprived of all pay and benefits including pension, and sentenced to imprisonment for life.

-- L. Neil Smith

Based on 253 journal articles, 99 books, 43 government publications, and some of its own empirical work, the panel couldn't identify a single gun control regulation that reduced violent crime, suicide or accidents.

-- John Lott, commenting on the National Academy of Sciences report on gun control laws.

Who is a libertarian?

Zero Aggression Principle ("Zap")

"A libertarian is a person who believes that no one has the right, under any circumstances, to initiate force against another human being, or to advocate or delegate its initiation. Those who act consistently with this principle are libertarians, whether they realize it or not. Those who fail to act consistently with it are not libertarians, regardless of what they may claim."

-- L. Neil Smith

(Formerly called the "Non-Aggression Principle", or "NAP")

Why Did It Have to be... Guns?

Make no mistake: all politicians -- even those ostensibly on the side of guns and gun ownership -- hate the issue and anyone, like me, who insists on bringing it up. They hate it because it's an X-ray machine. It's a Vulcan mind-meld. It's the ultimate test to which any politician -- or political philosophy -- can be put.

If a politician isn't perfectly comfortable with the idea of his average constituent, any man, woman, or responsible child, walking into a hardware store and paying cash -- for any rifle, shotgun, handgun, machinegun, anything -- without producing ID or signing one scrap of paper, he isn't your friend no matter what he tells you.

If he isn't genuinely enthusiastic about his average constituent stuffing that weapon into a purse or pocket or tucking it under a coat and walking home without asking anybody's permission, he's a four-flusher, no matter what he claims.

What his attitude -- toward your ownership and use of weapons -- conveys is his real attitude about you. And if he doesn't trust you, then why in the name of John Moses Browning should you trust him?

-- L. Neil Smith

Concise

"Tell me," I was once asked, "What do you think about gun control? Give me the short answer." To which I replied, "If you try to take our firearms we will kill you."

-- Mike Vanderboegh

Also from The Atlanta Declaration:

... like going to the bathroom, breathing, eating, sleeping, or making love, it turns out that self-defense is a bodily function one cannot safely or effectively delegate to a second party.

-- L. Neil Smith

This does not mean that "Marijuana should be available by prescription." It means that morphine sulfate should be available in five pound bags at the supermarket for a couple of bucks, like sugar... but probably in a different aisle, to avoid confusion.

-- Vin Suprynowicz

If you refuse to pay unjust taxes, your property will be confiscated. If you attempt to defend your property, you will be arrested. If you resist arrest, you will be clubbed. If you defend yourself against clubbing, you will be shot dead. These procedures are known as the Rule of Law.

-- Edward Abbey

The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war.

-- Bill St. Clair