How to debug ssl handshake, preferably with curl?
I would like to troubleshoot per directory authentication with client certificate. I would specially like to find out which acceptable client certificates does server send.
Thanks in advance
I have used this command to troubleshoot client certificate negotiation:
openssl s_client -connect www.test.com:443 -prexit
The output will probably contain "Acceptable client certificate CA names" and a list of CA certificates from the server, or possibly "No client certificate CA names sent", if the server doesn't always require client certificates.
curl -iv https://your.domain.io
That will give you cert and header output if you do not wish to use openssl command.
curl probably does have some options for showing more information but for things like this I always use openssl s_client
With the -debug option this gives lots of useful information
Maybe I should add that this also works with non HTTP connections. So if you are doing "https", try the curl commands suggested below. If you aren't or want a second option openssl s_client might be good
来源:https://stackoverflow.com/questions/17742003/debugging-ssl-handshake