3月 21 2020
未启用双向验证时的openssl s_client请求
[root@ip-172-31-47-53 ~]# openssl s_client -connect api.iot.com:443 CONNECTED(00000003) depth=2 C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = YSWM ROOT CA verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com i:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA 1 s:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA 2 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA --- Server certificate -----BEGIN CERTIFICATE----- MIIFojCCA4qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x EjAQBgNVBAgMCUd1YW5nZG9uZzENMAsGA1UECgwEWVNXTTEjMCEGA1UECwwaWVNX TSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHTAbBgNVBAMMFFlTV00gSW50ZXJtZWRp YXRlIENBMB4XDTIwMDMxOTA2NDgzOVoXDTIxMDMxOTA2NDgzOVowZjELMAkGA1UE BhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UEBwwIU2hlbnpoZW4xDTAL BgNVBAoMBFlTV0wxCzAJBgNVBAsMAklUMRQwEgYDVQQDDAthcGkuaW90LmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPKYx0hAmQ0SNZPXY2W7wDZM 2CoQEhMSuAvh5s1+P5QBx+llHCwk2ZNoRXiidRlA1E5Rr1YsAclEjbWcv9YKWiYn RstZ1/k0/l9xo3dhRgwptb3nXeHht2PXY++uMEOTWWe+C/Q6aYbkia87ZtNI7n82 n9/pFY3dXQatbjulxheYnoWjCz5fl7O0/uw15U7C1P/CB3XMUGLqqm3KKIJfpLmT gP7L+Q1dZVAcwrIfZdle6wG6dnpjRI7ak0GfbxOTokWAmr6YtWQoHYIoBpw8bKGS xwc0fhpvwroNAY9pSsNs96wlteVMDp7oibltq31oH10/TWB7j0qflqr9WuFjA7MC AwEAAaOCAUowggFGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw HQYDVR0OBBYEFPLQcQCz1Qhb+obRMVXL5CiTcIT7MIGsBgNVHSMEgaQwgaGAFLu/ V7kbBJBkvwKAFrDNbnmg6uPfoYGEpIGBMH8xCzAJBgNVBAYTAkNOMRIwEAYDVQQI DAlHdWFuZ2RvbmcxETAPBgNVBAcMCFNoZW56aGVuMQ0wCwYDVQQKDARZU1dNMSMw IQYDVQQLDBpZU1dNIENlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAwwMWVNX 
TSBST09UIENBggIQADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH AwEwDQYJKoZIhvcNAQELBQADggIBAAsmdvtSux+U9FV8Z/+RIHxR/zvuPlc8sVnT 0ivj069MTUwNN7Q91V+YSWzAB//17H9Lsy5f6Fxl9zNP9r9X3F3J9ha1qVZLgJFa CH3Otn/WPraS6Q1KiBwKPIMCgE0IA2Nz5ZrcIQwlTwQ2gIo41ZEMeVk0QvrXQXra vEeFTB4NHID5naJivP/ObO1y+4NKiT4hjjjn/xQxW5y0ddAkHYPPibbMlGA3htFe V/mIcVP7IeBYyJ31GPbJ9zu3hBpLFuqLh1YUdvJj9JL3wKTsPok5tL5RIM3wN9Ir BOZRkkJ8uN/hsFoMY4cFz1NS7iy/4SnslQibT8oGqa/lBxt+3ABYjI5nQUvyHkf0 +Y1mXyTLy2EbaM4streJPV48FY3vsmwk7bA5BkbjvS3aj7Mt7AW28LtD+szlK1Ix v4D06+Rl9kfZxFd6MWhLiMIYG4KfyIeficzM2X18PNZNdyxvbM/lWiLapc34aR6g ISz6/vFD58euDAHYiQnRjsk1cL4ViF3yZVXvZWRm7Lyhwj/5CZ7EGuNXGhw/svMu RLfr8SeoKohcJGE7nAEu+Q1q6VoNG0HKWk9Y2fEX+pS8z6ET875nL6ce12d9eEYR CkhIeoqCXtd9qHof3L5Qf5yndGGkn4rt0lG6tZikyXxmzOV2pjr/STezH/2mqLS2 oEAMh2YN -----END CERTIFICATE----- subject=/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com issuer=/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 5136 bytes and written 415 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 62D71A0E3BD96BF7FB3890E13F0BE760153A9687C8D1CF6ADED63410C54EB79A Session-ID-ctx: Master-Key: BDB9A9FD44557DA803D7B092E956CFB7A476362A98DFE195AE9567828399FFA8AA9D389A401539CE3CA4E19131F64455 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 37 ed 69 e7 17 db f4 0f-2b d1 76 a5 fd 7a 4c a9 7.i.....+.v..zL. 0010 - 81 b2 88 94 e1 61 e1 81-3a 7b e8 14 4f e7 51 65 .....a..:{..O.Qe 0020 - 73 20 e8 16 f8 b8 52 6e-b7 f9 3a 9d 94 92 e7 c9 s ....Rn..:..... 
0030 - 98 6c db 55 bd eb b9 83-18 41 a0 67 16 45 b7 c0 .l.U.....A.g.E.. 0040 - 76 de 48 97 36 a8 53 c5-d3 e6 98 b0 2d 73 96 1b v.H.6.S.....-s.. 0050 - e3 a8 9e c9 ec 35 e3 06-f0 9b f4 b4 c3 e8 15 79 .....5.........y 0060 - 5d 6e 97 c4 ae 43 b0 19-43 b3 bb e2 0f 98 10 8a ]n...C..C....... 0070 - 86 99 50 44 21 5c d9 ca-3e de 0c d2 05 89 1d bf ..PD!\..>....... 0080 - 92 f7 5e e9 25 26 f9 87-9b af 3d 73 9e f9 44 b2 ..^.%&....=s..D. 0090 - 51 1b 65 ab 3c 4e e9 4b-79 04 d4 f1 49 33 0e b6 Q.e.<N.Ky...I3.. 00a0 - 6c f3 fe 74 b3 9b d4 76-cc 9f ce 69 ff f3 a4 1d l..t...v...i.... Start Time: 1584606277 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- closed [root@ip-172-31-47-53 ~]#
自签CA使用openssl s_client调试时return code: 19的处理
客户端通过以下参数指定自签CA证书文件后，s_client 才能校验服务端证书链(否则返回 return code: 19)：
-CAfile ./ca/certs/ca.cert.pem
启用双向验证(服务端启用客户端证书验证)时的openssl s_client请求
[root@ip-172-31-47-53 ~]# openssl s_client -connect api.iot.com:443 CONNECTED(00000003) depth=2 C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = YSWM ROOT CA verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com i:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA 1 s:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA 2 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA --- Server certificate -----BEGIN CERTIFICATE----- MIIFojCCA4qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x EjAQBgNVBAgMCUd1YW5nZG9uZzENMAsGA1UECgwEWVNXTTEjMCEGA1UECwwaWVNX TSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHTAbBgNVBAMMFFlTV00gSW50ZXJtZWRp YXRlIENBMB4XDTIwMDMxOTA2NDgzOVoXDTIxMDMxOTA2NDgzOVowZjELMAkGA1UE BhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UEBwwIU2hlbnpoZW4xDTAL BgNVBAoMBFlTV0wxCzAJBgNVBAsMAklUMRQwEgYDVQQDDAthcGkuaW90LmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPKYx0hAmQ0SNZPXY2W7wDZM 2CoQEhMSuAvh5s1+P5QBx+llHCwk2ZNoRXiidRlA1E5Rr1YsAclEjbWcv9YKWiYn RstZ1/k0/l9xo3dhRgwptb3nXeHht2PXY++uMEOTWWe+C/Q6aYbkia87ZtNI7n82 n9/pFY3dXQatbjulxheYnoWjCz5fl7O0/uw15U7C1P/CB3XMUGLqqm3KKIJfpLmT gP7L+Q1dZVAcwrIfZdle6wG6dnpjRI7ak0GfbxOTokWAmr6YtWQoHYIoBpw8bKGS xwc0fhpvwroNAY9pSsNs96wlteVMDp7oibltq31oH10/TWB7j0qflqr9WuFjA7MC AwEAAaOCAUowggFGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw HQYDVR0OBBYEFPLQcQCz1Qhb+obRMVXL5CiTcIT7MIGsBgNVHSMEgaQwgaGAFLu/ V7kbBJBkvwKAFrDNbnmg6uPfoYGEpIGBMH8xCzAJBgNVBAYTAkNOMRIwEAYDVQQI DAlHdWFuZ2RvbmcxETAPBgNVBAcMCFNoZW56aGVuMQ0wCwYDVQQKDARZU1dNMSMw IQYDVQQLDBpZU1dNIENlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAwwMWVNX 
TSBST09UIENBggIQADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH AwEwDQYJKoZIhvcNAQELBQADggIBAAsmdvtSux+U9FV8Z/+RIHxR/zvuPlc8sVnT 0ivj069MTUwNN7Q91V+YSWzAB//17H9Lsy5f6Fxl9zNP9r9X3F3J9ha1qVZLgJFa CH3Otn/WPraS6Q1KiBwKPIMCgE0IA2Nz5ZrcIQwlTwQ2gIo41ZEMeVk0QvrXQXra vEeFTB4NHID5naJivP/ObO1y+4NKiT4hjjjn/xQxW5y0ddAkHYPPibbMlGA3htFe V/mIcVP7IeBYyJ31GPbJ9zu3hBpLFuqLh1YUdvJj9JL3wKTsPok5tL5RIM3wN9Ir BOZRkkJ8uN/hsFoMY4cFz1NS7iy/4SnslQibT8oGqa/lBxt+3ABYjI5nQUvyHkf0 +Y1mXyTLy2EbaM4streJPV48FY3vsmwk7bA5BkbjvS3aj7Mt7AW28LtD+szlK1Ix v4D06+Rl9kfZxFd6MWhLiMIYG4KfyIeficzM2X18PNZNdyxvbM/lWiLapc34aR6g ISz6/vFD58euDAHYiQnRjsk1cL4ViF3yZVXvZWRm7Lyhwj/5CZ7EGuNXGhw/svMu RLfr8SeoKohcJGE7nAEu+Q1q6VoNG0HKWk9Y2fEX+pS8z6ET875nL6ce12d9eEYR CkhIeoqCXtd9qHof3L5Qf5yndGGkn4rt0lG6tZikyXxmzOV2pjr/STezH/2mqLS2 oEAMh2YN -----END CERTIFICATE----- subject=/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com issuer=/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA --- Acceptable client certificate CA names /C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA /C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 5429 bytes and written 427 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 
ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 1065A02DB9470543CD1A23636D4315216639311463D12A1F9EADF69D543F1D04 Session-ID-ctx: Master-Key: 91579E43C1053D74A1319F3A620259CFF1B40667ADA246A303B89CD017FA813A236DCEC267289EC82A0725A1ABC3D279 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 21 7b 18 62 74 1d b5 ef-15 31 c5 19 a3 5a 51 6b !{.bt....1...ZQk 0010 - b3 ea 43 71 71 58 4e 8e-44 70 59 a5 4d ac fe 2f ..CqqXN.DpY.M../ 0020 - 81 3e 74 41 69 53 b8 40-83 4f 4c 8a 59 29 d4 77 .>tAiS.@.OL.Y).w 0030 - 51 09 c5 eb 52 b5 7b 28-9d 80 a0 44 c2 89 0d 73 Q...R.{(...D...s 0040 - 08 61 df 07 f7 2a 9b 0a-8c ae fd b4 23 52 8d 48 .a...*......#R.H 0050 - c0 c9 b5 87 29 50 47 8b-56 01 30 87 c8 e4 9a d2 ....)PG.V.0..... 0060 - 2d 5d 50 c4 49 15 56 bf-ac e3 92 c6 61 97 32 29 -]P.I.V.....a.2) 0070 - 58 2d 5d 5e 54 11 05 21-63 8f b0 84 ff 82 52 c4 X-]^T..!c.....R. 0080 - bb fd f8 3b 31 d7 01 e6-5f 2a 6a a8 f4 06 16 08 ...;1..._*j..... 0090 - ac 0d a7 34 46 f7 88 08-92 25 08 12 2d ee ba f2 ...4F....%..-... 00a0 - 85 ba 09 be 78 25 83 56-b7 b7 47 04 cd a3 0c 67 ....x%.V..G....g Start Time: 1584607327 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- closed [root@ip-172-31-47-53 ~]#
启用双向验证(服务端启用客户端证书验证)时的完整openssl s_client请求
[root@ip-172-31-47-53 ~]# openssl s_client -connect api.iot.com:443 -tls1_2 -key ./device.key.pem -cert ./ca/intermediate/certs/device.cert.pem -CAfile ./ca/certs/ca.cert.pem -state CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv3 write client hello A SSL_connect:SSLv3 read server hello A depth=2 C = CN, ST = Guangdong, L = Shenzhen, O = YSWM, OU = YSWM Certificate Authority, CN = YSWM ROOT CA verify return:1 depth=1 C = CN, ST = Guangdong, O = YSWM, OU = YSWM Certificate Authority, CN = YSWM Intermediate CA verify return:1 depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = YSWL, OU = IT, CN = api.iot.com verify return:1 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server key exchange A SSL_connect:SSLv3 read server certificate request A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client certificate A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write certificate verify A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:SSLv3 read server session ticket A SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com i:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA 1 s:/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA 2 s:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA i:/C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA --- Server certificate -----BEGIN CERTIFICATE----- MIIFojCCA4qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x EjAQBgNVBAgMCUd1YW5nZG9uZzENMAsGA1UECgwEWVNXTTEjMCEGA1UECwwaWVNX TSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHTAbBgNVBAMMFFlTV00gSW50ZXJtZWRp YXRlIENBMB4XDTIwMDMxOTA2NDgzOVoXDTIxMDMxOTA2NDgzOVowZjELMAkGA1UE 
BhMCQ04xEjAQBgNVBAgMCUd1YW5nZG9uZzERMA8GA1UEBwwIU2hlbnpoZW4xDTAL BgNVBAoMBFlTV0wxCzAJBgNVBAsMAklUMRQwEgYDVQQDDAthcGkuaW90LmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPKYx0hAmQ0SNZPXY2W7wDZM 2CoQEhMSuAvh5s1+P5QBx+llHCwk2ZNoRXiidRlA1E5Rr1YsAclEjbWcv9YKWiYn RstZ1/k0/l9xo3dhRgwptb3nXeHht2PXY++uMEOTWWe+C/Q6aYbkia87ZtNI7n82 n9/pFY3dXQatbjulxheYnoWjCz5fl7O0/uw15U7C1P/CB3XMUGLqqm3KKIJfpLmT gP7L+Q1dZVAcwrIfZdle6wG6dnpjRI7ak0GfbxOTokWAmr6YtWQoHYIoBpw8bKGS xwc0fhpvwroNAY9pSsNs96wlteVMDp7oibltq31oH10/TWB7j0qflqr9WuFjA7MC AwEAAaOCAUowggFGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw HQYDVR0OBBYEFPLQcQCz1Qhb+obRMVXL5CiTcIT7MIGsBgNVHSMEgaQwgaGAFLu/ V7kbBJBkvwKAFrDNbnmg6uPfoYGEpIGBMH8xCzAJBgNVBAYTAkNOMRIwEAYDVQQI DAlHdWFuZ2RvbmcxETAPBgNVBAcMCFNoZW56aGVuMQ0wCwYDVQQKDARZU1dNMSMw IQYDVQQLDBpZU1dNIENlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAwwMWVNX TSBST09UIENBggIQADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH AwEwDQYJKoZIhvcNAQELBQADggIBAAsmdvtSux+U9FV8Z/+RIHxR/zvuPlc8sVnT 0ivj069MTUwNN7Q91V+YSWzAB//17H9Lsy5f6Fxl9zNP9r9X3F3J9ha1qVZLgJFa CH3Otn/WPraS6Q1KiBwKPIMCgE0IA2Nz5ZrcIQwlTwQ2gIo41ZEMeVk0QvrXQXra vEeFTB4NHID5naJivP/ObO1y+4NKiT4hjjjn/xQxW5y0ddAkHYPPibbMlGA3htFe V/mIcVP7IeBYyJ31GPbJ9zu3hBpLFuqLh1YUdvJj9JL3wKTsPok5tL5RIM3wN9Ir BOZRkkJ8uN/hsFoMY4cFz1NS7iy/4SnslQibT8oGqa/lBxt+3ABYjI5nQUvyHkf0 +Y1mXyTLy2EbaM4streJPV48FY3vsmwk7bA5BkbjvS3aj7Mt7AW28LtD+szlK1Ix v4D06+Rl9kfZxFd6MWhLiMIYG4KfyIeficzM2X18PNZNdyxvbM/lWiLapc34aR6g ISz6/vFD58euDAHYiQnRjsk1cL4ViF3yZVXvZWRm7Lyhwj/5CZ7EGuNXGhw/svMu RLfr8SeoKohcJGE7nAEu+Q1q6VoNG0HKWk9Y2fEX+pS8z6ET875nL6ce12d9eEYR CkhIeoqCXtd9qHof3L5Qf5yndGGkn4rt0lG6tZikyXxmzOV2pjr/STezH/2mqLS2 oEAMh2YN -----END CERTIFICATE----- subject=/C=CN/ST=Guangdong/L=Shenzhen/O=YSWL/OU=IT/CN=api.iot.com issuer=/C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate CA --- Acceptable client certificate CA names /C=CN/ST=Guangdong/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM Intermediate 
CA /C=CN/ST=Guangdong/L=Shenzhen/O=YSWM/OU=YSWM Certificate Authority/CN=YSWM ROOT CA Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 6757 bytes and written 2015 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: AAB0EF0F80FC694473791CD82FBAC09E1D2898F0A0809649313C99D5C7200483 Session-ID-ctx: Master-Key: 753B0AC90C5EF61C2065EC4CDDDBCF547787633E5E02B45AD73FAEE42FD8019D0BD3233543A70543C5EF276C9CAFDBEB Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 21 7b 18 62 74 1d b5 ef-15 31 c5 19 a3 5a 51 6b !{.bt....1...ZQk 0010 - db ca cd da a0 46 ac 3a-4b fe 0a cc bd d9 e5 c0 .....F.:K....... 0020 - 4b 63 e9 3f ba 9f 01 72-45 3f 31 32 07 98 8b ad Kc.?...rE?12.... 0030 - c8 b6 d6 65 9c 3b 04 99-13 e8 20 5e 45 0d bd 00 ...e.;.... ^E... 0040 - 00 a1 d2 c6 34 50 4c 07-12 da aa e7 7e 90 b0 0c ....4PL.....~... 0050 - ba 60 e5 70 98 23 1c 57-08 34 00 64 fe ce 37 b5 .`.p.#.W.4.d..7. 0060 - 7c 6f 66 2d 6a b8 9a 53-ef dd ab bd e3 1e 0d bc |of-j..S........ 0070 - 69 eb df 29 a5 dd 92 9e-78 c4 77 2f c4 29 62 85 i..)....x.w/.)b. 0080 - e5 67 6f 5a 83 1a 7b 84-23 37 ab 56 93 2d d9 75 .goZ..{.#7.V.-.u 0090 - 44 a1 79 82 06 d3 b3 74-65 a7 ed 91 79 8b 0b 94 D.y....te...y... 
00a0 - 05 90 ed 42 c0 88 e0 ae-de c9 a7 3f 0b 45 e8 0f ...B.......?.E.. 00b0 - af 86 3a 1e 9f 7e c2 66-a9 94 16 1c 1e a1 3d da ..:..~.f......=. 00c0 - 4b c7 71 72 87 9d 56 69-de 2e 52 4c d7 0c 45 ec K.qr..Vi..RL..E. 00d0 - 1a 5e bb 2d c8 77 65 6f-c6 0b 7a af 1d d0 dd e8 .^.-.weo..z..... 00e0 - 3e ae cb a2 b7 1b ed 81-c1 13 9e 8f 7c 99 4a 90 >...........|.J. 00f0 - 4e 42 b1 63 8a 80 08 ee-ad 3c 31 2f bd 53 4b 5f NB.c.....<1/.SK_ 0100 - 7c 51 02 eb 70 37 aa 1c-73 49 fb 9c e6 6c 84 d0 |Q..p7..sI...l.. 0110 - a5 88 43 08 43 fc 9b 43-5f ef 53 bf ae 74 ac 15 ..C.C..C_.S..t.. 0120 - 4d 1b 6a c9 7c 37 e9 f7-d1 3c 54 72 9f 4e de 45 M.j.|7...<Tr.N.E 0130 - b9 2a 5c 31 40 12 40 ec-17 c1 19 23 08 d1 9f 70 .*\1@.@....#...p 0140 - 39 06 51 ff 9c d0 34 62-a7 75 29 46 9e e5 0b a5 9.Q...4b.u)F.... 0150 - 6b b4 2b d6 c0 21 25 a3-ad cf 83 43 13 d1 79 6f k.+..!%....C..yo 0160 - 1e 51 54 a6 70 9a 13 24-4f 5c 77 16 66 d0 c8 e5 .QT.p..$O\w.f... 0170 - 56 0e 1e 4d dd 17 76 11-4d ff 94 ee 70 18 ab 2f V..M..v.M...p../ 0180 - 11 20 2b 72 7e 9e 0f 54-55 f3 c7 0d 15 54 d3 e5 . +r~..TU....T.. 0190 - f9 a3 f1 67 03 c9 b5 26-b4 6a 2b 08 5c d5 bf db ...g...&.j+.\... 01a0 - 00 81 d0 d2 01 28 c4 05-a7 88 48 bf 32 2b d4 64 .....(....H.2+.d 01b0 - fe 2d 7f ea d5 e3 2f 8c-23 b2 c0 92 e7 02 d2 b4 .-..../.#....... 01c0 - a9 b1 6f 05 ce ff c3 78-87 38 f0 ac d6 42 fd 70 ..o....x.8...B.p 01d0 - 50 3e 51 d2 48 cf ab 91-72 06 90 b9 a1 f9 19 81 P>Q.H...r....... 01e0 - 15 c4 dd 5b 02 f9 61 94-1c 6a 1a 17 fc c6 a6 8f ...[..a..j...... 01f0 - 24 95 2d 48 90 7c e6 4e-90 6d 3d 57 e6 2c 92 f8 $.-H.|.N.m=W.,.. 0200 - 3f 7b 02 d5 16 47 a5 b2-94 74 5e 3b 9d bc 0b d1 ?{...G...t^;.... 0210 - 78 63 c2 d4 6c ae f6 d3-aa 8d 49 1c 5c f1 b7 76 xc..l.....I.\..v 0220 - 8f f5 6e 62 93 82 9b 6c-9c 30 de 58 f8 b1 04 85 ..nb...l.0.X.... 0230 - 0c c4 79 cc 9a 95 d3 8d-42 6a 3d ba f2 b5 2e e0 ..y.....Bj=..... 0240 - ab 06 1d 6c 64 2c d2 da-59 81 bc 41 20 48 ce b0 ...ld,..Y..A H.. 
0250 - 23 f8 09 4c 80 93 ce 8d-26 06 05 83 08 55 f5 d9 #..L....&....U.. 0260 - 96 ee 8f 9f 88 7f 07 b4-b2 5b c4 f3 24 2c b6 ec .........[..$,.. 0270 - 2b dc 85 a2 ef 1e 20 5b-90 ed b8 6b fc a0 e4 72 +..... [...k...r 0280 - f7 76 45 d1 26 e5 2c 39-67 ed be 5a 7f f3 64 37 .vE.&.,9g..Z..d7 0290 - 98 9d 01 68 e0 27 b4 b8-32 1d cb 3a 52 46 9e 8f ...h.'..2..:RF.. 02a0 - c8 a8 b2 5e c9 b1 a3 b1-76 b3 a5 e0 6f 41 bc 80 ...^....v...oA.. 02b0 - 60 d4 3b e7 3c 3b ff 9a-1a 08 4a 8c fa 48 86 5c `.;.<;....J..H.\ 02c0 - 24 fd 9a 3c 3c c9 4b a2-a9 5d 5e 8d 07 1c f8 7f $..<<.K..]^..... 02d0 - 14 86 15 45 f9 d5 16 3a-a8 d9 a3 8d 18 06 b7 14 ...E...:........ 02e0 - 0a 0e 8b 42 18 6e e0 09-0f f3 2e 6b e8 1d 2b 37 ...B.n.....k..+7 02f0 - c5 fc 55 f5 61 58 0b 5c-db 72 bb fb b2 75 4a cf ..U.aX.\.r...uJ. 0300 - 12 04 05 83 ea d7 e4 69-bf c3 0b 6a b7 1d 4c 57 .......i...j..LW 0310 - 98 38 bd 72 9d a6 3c c9-14 98 f5 0b c2 3f ec 3e .8.r..<......?.> 0320 - 59 f8 44 e0 b6 0e 43 f0-2a d9 a2 99 24 9f 37 13 Y.D...C.*...$.7. 0330 - db ec 5f 45 33 01 4e 47-24 b3 20 52 f4 25 a0 20 .._E3.NG$. R.%. 0340 - 59 f5 6c ac a6 36 91 96-aa 8e 50 fc 41 f5 d0 2d Y.l..6....P.A..- 0350 - f1 2d 3a db 21 d7 6b 49-d9 a1 24 89 18 90 c7 06 .-:.!.kI..$..... 0360 - fe 1c 66 aa 72 10 57 b1-9f fb a8 d0 7b 54 71 eb ..f.r.W.....{Tq. 0370 - ae 12 f6 1d 0c 4b a4 bc-08 93 d1 7a 4e 46 d4 86 .....K.....zNF.. 0380 - 65 97 1f de 62 f2 87 68-4c 43 93 81 f5 01 21 4c e...b..hLC....!L 0390 - ea 8b a3 ea 21 75 3c 59-5b 46 b9 32 28 0b 53 1d ....!u<Y[F.2(.S. 03a0 - 83 60 bc 53 4c f0 35 d9-f2 5a 4a 6c bc 75 d7 e2 .`.SL.5..ZJl.u.. 03b0 - 4a 52 85 e7 54 9d c3 52-69 cc b0 a1 88 3b 78 e0 JR..T..Ri....;x. 03c0 - cb 4d a3 db bc f0 28 85-f0 41 cc 73 e8 de 59 3a .M....(..A.s..Y: 03d0 - dc cb 8a eb 32 ef 99 26-bb 3b dc eb 1d f4 fc d6 ....2..&.;...... 03e0 - 2e 7e b2 e8 a5 41 2b 4a-9b 85 09 96 b0 6c 21 f7 .~...A+J.....l!. 
03f0 - 7e 29 8e 6a bd 0c 3a 5f-44 3f 7a dc 2a 65 26 71 ~).j..:_D?z.*e&q 0400 - 6d ac cf 68 82 1d 63 f6-66 3d 1d a7 8a db 1c 4d m..h..c.f=.....M 0410 - 6a 5e de fe 3f ab 62 97-7f ed a8 27 fa 61 fb 48 j^..?.b....'.a.H 0420 - d4 20 38 ae 44 26 63 df-45 e8 65 11 48 07 38 39 . 8.D&c.E.e.H.89 0430 - 54 dc ea b6 9a 92 94 0f-88 80 e5 be d1 d1 f5 88 T............... 0440 - f8 7c 40 e2 1c 6f 2a 47-e8 0a c8 19 e7 01 ad 38 .|@..o*G.......8 0450 - ab a1 c0 1d a0 56 29 23-40 d4 0a 75 7e ad cd 5b .....V)#@..u~..[ 0460 - 80 b7 85 6f e2 7d c4 85-5b 5a 8b 05 c6 80 e7 b1 ...o.}..[Z...... 0470 - ce 57 14 e5 f8 5d 99 be-66 d9 41 6d eb 40 8f 22 .W...]..f.Am.@." 0480 - ac 79 c2 61 31 41 71 c0-87 c6 78 b4 73 24 06 69 .y.a1Aq...x.s$.i 0490 - 6c 15 36 7d f2 80 5d b4-59 44 be 64 bf 61 f8 fc l.6}..].YD.d.a.. 04a0 - 5f d6 8e 9e fe 6c 95 b9-d0 36 b8 0d 5f 67 eb 9b _....l...6.._g.. 04b0 - 2f ea b1 36 fd 2e 68 ae-0e 99 b8 c6 bb 1d c4 7d /..6..h........} 04c0 - 57 60 19 03 8b 15 ca 24-ec 40 d4 21 f1 de 1b 1a W`.....$.@.!.... 04d0 - 19 a1 35 eb fb f7 82 8d-14 71 f6 a8 1d 0c d8 4c ..5......q.....L 04e0 - 46 d8 1c 97 c9 32 64 5b-21 a7 4d e2 59 2b 4b 3d F....2d[!.M.Y+K= 04f0 - ef 3e 09 91 b7 66 ad c2-a4 f5 a6 d8 25 bb 81 a4 .>...f......%... 0500 - b0 00 ea 80 d3 5c 74 ac-57 d8 3a c7 44 22 eb eb .....\t.W.:.D".. 0510 - ad c9 9b 73 8e db 59 4b-4a ea 33 85 20 7b 6d 61 ...s..YKJ.3. {ma 0520 - 4c a5 61 a6 9e 5d 18 10-75 f5 cc 73 f7 72 66 f8 L.a..]..u..s.rf. 0530 - 2b 87 65 b6 e3 25 b8 30-84 90 64 6f 90 18 6a 17 +.e..%.0..do..j. 0540 - 55 bf 70 3a 78 16 27 ac-35 89 9d ec 0a 3e 79 19 U.p:x.'.5....>y. 0550 - aa 2d 6e fe 64 f0 bc 5f-0d b4 19 e9 bb 8d 57 ca .-n.d.._......W. 0560 - 49 f6 e2 18 04 84 7d 3e-79 fd bf 36 62 0f 89 85 I.....}>y..6b... 0570 - 8a 38 67 37 9c 52 a5 49-7b e1 fa b4 8f 62 57 d3 .8g7.R.I{....bW. 0580 - ec 92 58 e3 51 ad 5b fa-0f 02 37 bd 05 b6 ce 0e ..X.Q.[...7..... 0590 - e9 30 69 47 c3 c9 02 cd-f9 cc 71 46 db 0c 5a a5 .0iG......qF..Z. 
05a0 - ed 2a b8 f7 fb 0a c0 b2-a8 7a 9d 35 75 1e f1 fe .*.......z.5u... 05b0 - df 47 0d 47 0b e2 94 88-69 26 e2 dc ef 5c 18 71 .G.G....i&...\.q 05c0 - 01 28 83 26 4d ae 73 c7-db 4d 36 06 d1 0d d1 90 .(.&M.s..M6..... 05d0 - 22 99 5e c4 ee 84 f9 a4-4a de b4 fe e0 d0 8d 8a ".^.....J....... Start Time: 1584608510 Timeout : 7200 (sec) Verify return code: 0 (ok) --- SSL3 alert read:warning:close notify closed SSL3 alert write:warning:close notify [root@ip-172-31-47-53 ~]#
命令参数
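# Mutual-TLS handshake check against api.iot.com, pinned to TLS 1.2.
#   -key / -cert : the device (client) private key and certificate that are
#                  presented when the server requests a client certificate.
#   -CAfile      : the private CA certificate used to verify the server chain;
#                  without it s_client reports
#                  "Verify return code: 19 (self signed certificate in
#                  certificate chain)".
#   -state       : print each SSL handshake state as it is reached.
#
# NOTE: s_client continues the handshake after a verification failure unless
# -verify_return_error is also given, so a completed connection is not proof
# of trust -- check for "Verify return code: 0 (ok)" in the output.
# NOTE: the output includes the session Master-Key and session ticket; redact
# them before pasting a transcript anywhere public.
openssl s_client -connect api.iot.com:443 -tls1_2 \
  -key ./device.key.pem \
  -cert ./ca/intermediate/certs/device.cert.pem \
  -CAfile ./ca/certs/ca.cert.pem -state

# Same request with -debug added: prints extensive debugging information,
# including a hex dump of all traffic. Treat that dump as sensitive too.
openssl s_client -connect api.iot.com:443 -tls1_2 \
  -key ./device.key.pem \
  -cert ./ca/intermediate/certs/device.cert.pem \
  -CAfile ./ca/certs/ca.cert.pem -state -debug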