Using OpenSSL to Test Connectivity

When you’re testing connectivity to servers that use SSL, your traditional ways of testing connectivity may need a little augmentation. For starters, you’re going to use the openssl command to test connections. For example, if you have a web server you might traditionally attempt to telnet into port 80 and check your banners; however, if you have an SSL certificate on it then you might be better served connecting to port 443 using the openssl command. In the following example we’ll tell openssl to be a generic client (s_client) and connect (-connect) to https://krypted.com/ over port 443:

openssl s_client -connect krypted.com:443

The output would then look similar to the following:

CONNECTED(00000003)

depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://CERTAUTHORITY.com//

We could test SMTP the same way, whether you’re using port 25 and requiring a certificate or another port. To test with port 25, assuming we can use a generic client again, we’re going to change the port number and, because SSL can be negotiated within SMTP itself, we’re going to use -starttls to do so:

openssl s_client -connect www.krypted.com:25 -starttls smtp

A valid connection would result in similar output to the following:

CONNECTED(00000003)

depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://MYCERTAUTHORITY.com//emailAddress=krypted@mac.com
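
Both commands above wait on stdin once connected, and by default s_client completes the handshake even when certificate verification fails, so CONNECTED alone says nothing about trust. The following is an added example, not part of the original post: a POSIX shell wrapper that runs s_client non-interactively and turns its "Verify return code" line into an exit status. The probe and summarize helper names and the sample transcripts are constructed for illustration.

```sh
#!/bin/sh
# Added example: non-interactive wrapper around the two s_client commands above.
# probe and summarize are hypothetical helper names, not openssl features.

# probe HOST PORT [STARTTLS_PROTO] -> prints the s_client transcript
probe() {
  host=$1 port=$2 proto=${3:-}
  # </dev/null closes stdin so s_client exits after the handshake;
  # -servername sends SNI so a shared host returns the right certificate.
  openssl s_client -connect "$host:$port" -servername "$host" \
    ${proto:+-starttls "$proto"} </dev/null 2>&1
}

# summarize: read a transcript on stdin, print a one-line verdict.
# Exit status: 0 = chain verified, 1 = connected but verify failed,
#              2 = no TLS session was established.
summarize() {
  awk '
    /^CONNECTED\(/        { connected = 1 }
    /Verify return code:/ { sub(/.*Verify return code: */, ""); code = $1; reason = $0 }
    END {
      if (!connected)  { print "no_connection"; exit 2 }
      if (code == "")  { print "handshake_incomplete"; exit 2 }
      if (code == "0") { print "ok"; exit 0 }
      print "verify_failed: " reason; exit 1
    }'
}

# Constructed sample transcripts (not captured from a real server).
SAMPLE_OK='CONNECTED(00000003)
depth=0 CN = mail.example.com
    Verify return code: 0 (ok)'
SAMPLE_SELF_SIGNED='CONNECTED(00000003)
depth=0 CN = mail.example.com
verify error:num=18:self signed certificate
    Verify return code: 18 (self signed certificate)'
SAMPLE_REFUSED='connect: Connection refused
connect:errno=61'

# Live use (needs network access):
#   probe krypted.com 443          | summarize
#   probe www.krypted.com 25 smtp  | summarize
```

A non-zero verify code with a successful CONNECTED line means the port is reachable and speaks SSL, but the certificate chain did not validate against the local trust store.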

You could also initiate a new instance of an SSL listener using s_server, or just test connection timing using s_time. Overall, openssl is a pretty invaluable toolkit that we’ll probably look at more and more on this site.