I would like to troubleshoot per-directory authentication with a client certificate. I would especially like to find out which acceptable client certificates the server sends.
How do I debug SSL handshake, preferably with cURL?
To diagnose failures during the application phase, you must decrypt the SSL session using a utility, such as ssldump. You can enable SSL debug logging on the BIG-IP system, test SSL connections for the virtual server using a web browser or the OpenSSL client, and then review the debug log files.
I have used this command to troubleshoot client certificate negotiation:
openssl s_client -connect www.test.com:443 -prexit
The output will probably contain "Acceptable client certificate CA names" and a list of CA certificates from the server, or possibly "No client certificate CA names sent", if the server doesn't always require client certificates.
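The check described in the answer above can be scripted; the following is an added example, not part of the original answers. It pulls the CA list out of `openssl s_client` output and uses the exit status to tell the two cases apart. The function names and both sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample transcripts are constructed.
# Live use (host taken from the answer above):
#   openssl s_client -connect www.test.com:443 -prexit </dev/null 2>/dev/null | client_ca_names

# Read s_client output on stdin and print one requested CA name per line.
# Exit status: 0 = CA list sent, 1 = "No client certificate CA names sent",
#              2 = neither marker seen (handshake failed or output truncated).
client_ca_names() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; found = 1; next }
        /^No client certificate CA names sent/    { none = 1 }
        # The list ends at the next "---" separator or "Label: value" line.
        in_list && (/^---/ || /^[A-Z][A-Za-z ]*: /) { in_list = 0 }
        in_list && NF { print }
        END { if (found) exit 0; if (none) exit 1; exit 2 }
    '
}

# Constructed transcript: the server requests a client certificate.
sample_with_cas() {
    cat <<'EOF'
CONNECTED(00000003)
---
Acceptable client certificate CA names
C = US, O = Example Corp, CN = Example Client CA 1
C = US, O = Example Corp, CN = Example Client CA 2
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:ECDSA+SHA256
---
SSL handshake has read 3012 bytes and written 421 bytes
EOF
}

# Constructed transcript: the server sends no CA names in this handshake.
sample_no_cas() {
    cat <<'EOF'
CONNECTED(00000003)
---
No client certificate CA names sent
---
SSL handshake has read 2876 bytes and written 403 bytes
EOF
}

# Demo on the constructed transcript; prints the two CA names.
sample_with_cas | client_ca_names
```

With per-directory authentication the server may only ask for a certificate after it has seen a request for the protected path, so status 1 on the initial handshake does not by itself show that the directory is unprotected.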
curl -iv https://your.domain.io
That will give you cert and header output if you do not wish to use the openssl command.
curl probably does have some options for showing more information, but for things like this I always use openssl s_client. With the -debug option this gives lots of useful information.
Maybe I should add that this also works with non-HTTP connections. So if you are doing "https", try the curl commands suggested below. If you aren't, or want a second option, openssl s_client might be good.