s_client and gethostbyname failure

ssl openssl x509 mutual-authentication pkix
arahant picture arahant · Sep 8, 2016 · Viewed 9.1k times · Source

I am working with an external company. Lets call them evilcorp.com. I want to use openssl to debug a two way SSL handshake.

  • https://evilcorp.com is setup to not require client authentication.
  • https://evilcorp.com/webservices is setup to require client authentication.

How can I specify this path in openssl. So basically this works:

openssl s_client -connect evilcorp.com:443

But this does not work and gives me gethostbyname failure

openssl s_client -connect evilcorp.com/webservices:443

How can I get this to work (if possible)

Answer

JakeJ picture JakeJ · Dec 8, 2017

You have a very simple error in the address. Here's the fix:

"openssl s_client -connect evilcorp.com:443/webservice"

You had the 443 at the end - it needs to go directly after to the domain name.

Related questions

How can I generate a self-signed certificate with SubjectAltName using OpenSSL?

I am trying to generate a self-signed certificate with OpenSSL with SubjectAltName in it.While I am generating the csr for the certificate, my guess is I have to use v3 extensions of OpenSSL x509. I am using : openssl req …

Read More
Verify errorcode = 20 : unable to get local issuer certificate

I have a certificate chain in server: Certificate chain 0 s:/******/O=Foobar International BV/OU**** i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/**** 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/**** i:/C=US/O=VeriSign, …

Read More
How to add custom field to certificate using openssl

I'm trying to create certificates for internal use. I'm the CA and I would like to have an additional field in my client certificates so that when I generate a certificate for a client, it will hold some specific data …

Read More