openssl s_client -connect 10.0.0.36:443
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 CN = ROOTCA-CA-20-YEARS
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=2 CN = ROOTCA-CA-20-YEARS
verify return:1
depth=1 DC = com, DC = netprojekralac, CN = Issuing-SRVDC01-CA
verify return:1
depth=0 C = US, ST = New York, L = New York, O = NETPROJEKRALAC LLC, OU = SECURE WLAN, CN = isepsn13.netprojekralac.com
verify return:1
---
Certificate chain
0 s:C = US, ST = New York, L = New York, O = NETPROJEKRALAC LLC, OU = SECURE WLAN, CN = isepsn13.netprojekralac.com
i:DC = com, DC = netprojekralac, CN = Issuing-SRVDC01-CA
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Oct 17 19:35:52 2024 GMT; NotAfter: Oct 17 00:38:57 2025 GMT
1 s:DC = com, DC = netprojekralac, CN = Issuing-SRVDC01-CA
i:CN = ROOTCA-CA-20-YEARS
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Oct 17 00:28:57 2024 GMT; NotAfter: Oct 17 00:38:57 2025 GMT
2 s:CN = ROOTCA-CA-20-YEARS
i:CN = ROOTCA-CA-20-YEARS
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Oct 16 11:27:51 2024 GMT; NotAfter: Oct 16 11:37:51 2044 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgITGgAAABKBL4HLJDBg5AAAAAAAEjANBgkqhkiG9w0BAQsF
ADBSMRMwEQYKCZImiZPyLGQBGRYDY29tMR4wHAYKCZImiZPyLGQBGRYObmV0cHJv
amVrcmFsYWMxGzAZBgNVBAMTEklzc3VpbmctU1JWREMwMS1DQTAeFw0yNDEwMTcx
OTM1NTJaFw0yNTEwMTcwMDM4NTdaMIGMMQswCQYDVQQGEwJVUzERMA8GA1UECBMI
TmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRswGQYDVQQKExJORVRQUk9KRUtS
QUxBQyBMTEMxFDASBgNVBAsTC1NFQ1VSRSBXTEFOMSQwIgYDVQQDExtpc2Vwc24x
My5uZXRwcm9qZWtyYWxhYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCrtTolEHtzqhyZrsxLrGu6agiz/JFGHry/Q3LZIulUbpB40IC/LCTQTmh9
6QLRZGiHbhkxXDWF0WBUp90cgGUEBGCcp2siZQLsPR3r8MXDHSA2DZKXrO+M3X/Q
wueTt/UucXII7nCCTpVTpK4cyx2ZIZaTmNyc6b1oorjAP0p+sgj053VAXq5/YQ4r
TZY7p5HrozTT6cKttsEjvw8Dl//gdkjIC8L2aLMzE6BasQeckPsUHC14hH1pnlzh
WGfPCE88S3YZrjpxFCisPu4UPeLD+tGQRYLrptTwR8I9lL6snetrKH3SVRypSoWE
yWO+4bZdeqmK6KHeXRu7IcmiK8VVAgMBAAGjggJcMIICWDAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMBMGA1UdJQQMMAoGCCsG
AQUFBwMBMCYGA1UdEQQfMB2CG2lzZXBzbjEzLm5ldHByb2pla3JhbGFjLmNvbTAf
BgNVHSMEGDAWgBQixINUUn1AeZwx9nO7eZhJfvAWCzCB1wYDVR0fBIHPMIHMMIHJ
oIHGoIHDhoHAbGRhcDovLy9DTj1Jc3N1aW5nLVNSVkRDMDEtQ0EsQ049U1JWREMw
MSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMs
Q049Q29uZmlndXJhdGlvbixEQz1uZXRwcm9qZWtyYWxhYyxEQz1jb20/Y2VydGlm
aWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1
dGlvblBvaW50MIHLBggrBgEFBQcBAQSBvjCBuzCBuAYIKwYBBQUHMAKGgatsZGFw
Oi8vL0NOPUlzc3VpbmctU1JWREMwMS1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5
JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1uZXRw
cm9qZWtyYWxhYyxEQz1jb20/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNz
PWNlcnRpZmljYXRpb25BdXRob3JpdHkwIQYJKwYBBAGCNxQCBBQeEgBXAGUAYgBT
AGUAcgB2AGUAcjANBgkqhkiG9w0BAQsFAAOCAQEArQspNsiPxKMKGisFI5y8Bl4T
7BC/2rMDQgKZOrwPVEz41GJb5LTyNWg7LwD5gVPBxGyQ/8ZLKGcpnAkjrXufzkOL
ODItOPpEgrZl6j8ZEF51fAF5WPYwI++ty1Gzt/nrJMZ6TE+5LQhje8alyXHq92Gc
BmblM9qGOa5g+MX2i1sLBLvxwr9Gxbb6EF6gnbmPH0MDfUger0S3znG2Vo0zZkRE
txaPa9+Mf2p7pkNmLhKwnJYHXonQSIf3Z3UTa1itys2e0KuNVk9/Vut4CJhgsRMx
KIcJLlyqu4kyVPnnCJFwIM+vaJe/1zbS9WlPN4xBzalein45hFai8PTmGMK07A==
-----END CERTIFICATE-----
subject=C = US, ST = New York, L = New York, O = NETPROJEKRALAC LLC, OU = SECURE WLAN, CN = isepsn13.netprojekralac.com
issuer=DC = com, DC = netprojekralac, CN = Issuing-SRVDC01-CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 4062 bytes and written 419 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: B43D5D3449C14984F4ECF760ACB41B6228FFCC1D5CC076F09190A27794EB0499
Session-ID-ctx:
Master-Key: 7AC908450E37265954341C169A7B64AF2506C0693563AFA72203CE042D80DF2F5364B6D7DC88EF6359978149DB7A9319
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - eb 8d 64 4b 9f dc d5 ee-4a 19 f1 ca bd eb fa 18 ..dK....J.......
0010 - d7 66 73 b6 64 86 fc c4-1a f5 17 16 4e c7 92 53 .fs.d.......N..S
0020 - 25 6f c1 75 ff b9 d5 c3-b9 37 a0 ef 61 fb ee 6b %o.u.....7..a..k
0030 - fe 0b 3d d5 1f d9 2e 8a-98 ae a5 42 c7 0c 0a ce ..=........B....
0040 - 2b 67 03 eb f3 cf d1 9c-f6 07 10 d6 bf 2b 97 56 +g...........+.V
0050 - 60 e2 23 2d 19 c1 b1 5b-9c b6 93 ae 8b ce 6e 47 `.#-...[......nG
0060 - 3d d4 11 f2 7b f8 d5 b8-9c 61 1f 0f 30 f2 cd b5 =...{....a..0...
0070 - 2d c5 d9 7e 97 7c 26 3c-c3 cb d7 24 63 8a 51 21 -..~.|&<...$c.Q!
0080 - bf ce 66 9c ee bd 22 29-33 cf f1 aa db fd b7 78 ..f...")3......x
0090 - ba 52 cf d6 61 72 be a6-8c eb 9b 8e 88 f6 7e 2f .R..ar........~/
00a0 - e8 bb 1c 03 e2 50 21 24-c6 f2 33 67 2d db ce 84 .....P!$..3g-...
Start Time: 1730550108
Timeout : 7200 (sec)
Verify return code: 19 (self-signed certificate in certificate chain)
Extended master secret: yes
---
OpenSSL x509 options
openssl x509 -help
Usage: x509 [options]
General options:
-help Display this summary
-in infile Certificate input, or CSR input file with -req (default stdin)
-passin val Private key and cert file pass-phrase source
-new Generate a certificate from scratch
-req Input is a CSR file (rather than a certificate)
-inform format CSR input file format (DER or PEM) - default PEM
-out outfile Output file - default stdout
-outform format Output format (DER or PEM) - default PEM
-nocert No cert output (except for requested printing)
-noout No output (except for requested printing)
Certificate printing options:
-text Print the certificate in text form
-dateopt val Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822.
-certopt val Various certificate text printing options
-fingerprint Print the certificate fingerprint
-alias Print certificate alias
-serial Print serial number value
-startdate Print the notBefore field
-enddate Print the notAfter field
-dates Print both notBefore and notAfter fields
-subject Print subject DN
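Save the server certificate to a file in text (PEM) format
nano 10.0.0.36-cert
Copy the certificate from the s_client output above, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, and paste it into the file
Use openssl x509 to view individual attributes of the saved certificate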
openssl x509 -in 10.0.0.36-cert -text -noout
openssl x509 -in 10.0.0.36-cert -noout -serial
openssl x509 -in 10.0.0.36-cert -noout -issuer
openssl x509 -in 10.0.0.36-cert -noout -dates
openssl x509 -in 10.0.0.36-cert -noout -subject
openssl x509 -in 10.0.0.36-cert -noout -ext subjectAltName
openssl x509 -in 10.0.0.36-cert -noout -ext keyUsage
openssl x509 -in 10.0.0.36-cert -noout -ext extendedKeyUsage
openssl x509 -in 10.0.0.36-cert -noout -ext keyUsage,extendedKeyUsage,
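Added example, not part of the original page: a shell sketch that cuts the server certificate out of s_client output instead of pasting it by hand, and summarizes the "Certificate chain" section to show where verify code 19 comes from (the server sends its own self-signed root, which the client does not have in its trust store). The function names extract_leaf, chain_report and sample are made up for this example, and the sample text is constructed from the chain lines above with a placeholder PEM body.

```shell
#!/bin/sh
# Added example. sample() is constructed from the chain lines on this page;
# its PEM body is a placeholder, not a real certificate.
sample() {
cat <<'EOF'
Certificate chain
 0 s:C = US, ST = New York, L = New York, O = NETPROJEKRALAC LLC, OU = SECURE WLAN, CN = isepsn13.netprojekralac.com
   i:DC = com, DC = netprojekralac, CN = Issuing-SRVDC01-CA
   v:NotBefore: Oct 17 19:35:52 2024 GMT; NotAfter: Oct 17 00:38:57 2025 GMT
 1 s:DC = com, DC = netprojekralac, CN = Issuing-SRVDC01-CA
   i:CN = ROOTCA-CA-20-YEARS
   v:NotBefore: Oct 17 00:28:57 2024 GMT; NotAfter: Oct 17 00:38:57 2025 GMT
 2 s:CN = ROOTCA-CA-20-YEARS
   i:CN = ROOTCA-CA-20-YEARS
   v:NotBefore: Oct 16 11:27:51 2024 GMT; NotAfter: Oct 16 11:37:51 2044 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDERBODYCONSTRUCTEDFORTHISEXAMPLE
-----END CERTIFICATE-----
EOF
}
# Print only the first PEM block (the server certificate) from s_client output.
extract_leaf() {
  awk '/-----BEGIN CERTIFICATE-----/{p=1} p{print} /-----END CERTIFICATE-----/{exit}'
}
# One line per chain entry: index|link status|NotAfter|subject
chain_report() {
  awk '
    /^Certificate chain/ { in_chain = 1; next }
    in_chain && /^---/   { in_chain = 0 }
    !in_chain            { next }
    { sub(/^[ \t]+/, "") }                      # s_client indents chain lines
    /^[0-9]+ s:/ { n = $1 + 0; s = $0; sub(/^[0-9]+ s:/, "", s); subj[n] = s; count = n + 1 }
    /^i:/        { iss[n] = substr($0, 3) }
    /^v:/        { v = $0; sub(/^.*NotAfter: /, "", v); na[n] = v }
    END {
      for (k = 0; k < count; k++) {
        if (subj[k] == iss[k])                           note = "self-signed"
        else if (k + 1 < count && iss[k] == subj[k + 1]) note = "issuer-is-next"
        else if (k + 1 == count)                         note = "issuer-not-sent"
        else                                             note = "BROKEN-LINK"
        printf "%d|%s|%s|%s\n", k, note, na[k], subj[k]
      }
    }'
}
# Live use against the host above, replacing the nano copy-and-paste step:
#   openssl s_client -connect 10.0.0.36:443 </dev/null 2>/dev/null | extract_leaf > 10.0.0.36-cert
sample | chain_report
```

On the chain shown above, entries 0 and 1 report issuer-is-next and entry 2 reports self-signed, so the chain itself is complete and the error is a missing local trust anchor rather than a broken chain.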