Almost wrote this up again and then realized I already did once (sure it was a few years ago but luckily not much changes with some of the command line stuff). Check it out here: http://krypted.com/mac-os-x/using-openssl-to-test-connectivity If you want to see more on openssl check this one out too: http://krypted.com/unix/openssl-and-signatures
When you’re testing connectivity to servers and you’re using SSL on those servers then your traditional ways of testing connectivity may been a little augmentation. For starters, you’re going to use the openssl to test connections. For example, if you have a web server you might traditionally attempt to telnet into port 80 and check you banners; however, if you have an SSL certificate on it then you might be better served connecting to port 443 using the openssl command. In the following example we’ll tell openssl to be a generic client (s_client) and connect (-connect) to krypted.com over port 443:
openssl s_client -connect krypted.com:443The output would then look similar to the following:
CONNECTED(00000003) depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://CERTAUTHORITY.com//We could test smtp using the same, whether you’re using port 25 and requiring a certificate or another port. To test with port 25, assuming we can use a generic client again we’re going to change the port number and because SSL can work with smtp directly we’re going to use starttls to do so:
openssl s_client -connect www.krypted.com:25 -starttls smtpA valid connection would result in similar output to the following:
CONNECTED(00000003) depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://MYCERTAUTHORITY.com//emailAddressemail@example.comYou could also initiate a new instance of an SSL listener, using s_server or just test the connection timer using s_time. Overall, openssl is a pretty invaluable toolkit that we’ll probably look at more and more on this site.