How to debug SSL handshake using cURL?

curl ssl client-certificates
Bajo picture Bajo · Jul 19, 2013 · Viewed 120.8k times · Source

I would like to troubleshoot per directory authentication with client certificate. I would specially like to find out which acceptable client certificates does server send.

How do I debug SSL handshake, preferably with cURL?

Thanks in advance

Answer

Christian Davén picture Christian Davén · Apr 2, 2014

I have used this command to troubleshoot client certificate negotiation:

openssl s_client -connect www.test.com:443 -prexit

The output will probably contain "Acceptable client certificate CA names" and a list of CA certificates from the server, or possibly "No client certificate CA names sent", if the server doesn't always require client certificates.

Related questions

Solving sslv3 alert handshake failure when trying to use a client certificate

I'm trying to connect to a service that requires a certificate for authorization. The process is that I send the service a CSR file. The service signs the CSR and sends me a certificate that I use for connection. I …

Read More
https connection using CURL from command line

I am new to Curl and Cacerts world and facing a problem while connecting to a server. Basically, I need to test connectivity over https from one machine to another machine. I have a URL to which I need to …

Read More
curl: (60) SSL certificate problem: unable to get local issuer certificate

root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt * About to connect() to {abc} port 21 (#0) * Trying {abc}... * Connected to {abc} ({abc}) port 21 (#0) < 220-Cerberus FTP Server - Home Edition &…

Read More