Skip to content

CompTIA Linux+ XK0-005 - 4.2 - Testing Remote Systems: openssl s_client

This guide aims to provide you with a detailed understanding of openssl, a powerful tool for testing remote systems using the s_client command. Whether you are a beginner or have limited background knowledge, this guide will help you gain insights into how to use openssl s_client to perform various types of network testing, such as establishing SSL/TLS connections and troubleshooting SSL-related issues. By mastering openssl s_client, you will be able to effectively analyze and troubleshoot network resource issues in your Linux environment.

What is openssl and the s_client command

openssl is a widely-used open-source toolkit for implementing SSL/TLS protocols. It provides a versatile set of command-line tools for managing certificates, creating private keys, generating certificate signing requests (CSRs), and performing various cryptographic operations.

The s_client command is a specific command-line tool provided by openssl that allows you to connect to a remote server using SSL/TLS and perform testing and troubleshooting operations. It can be used to establish an SSL/TLS connection, verify server certificates, and retrieve detailed information about the SSL/TLS session.

Connecting to a Remote Server

To connect to a remote server using openssl s_client, open a terminal and use the following command:

openssl s_client -connect <host>:<port>

Replace <host> with the hostname or IP address of the remote server and <port> with the port number to connect to. The command establishes an SSL/TLS connection to the specified host and port. It verifies the server certificate chain and displays information about the certificates.

Example

$ openssl s_client -connect example.com:443

  CONNECTED(00000003)
  depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
  verify return:1
  depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
  verify return:1
  depth=0 CN = example.com
  verify return:1
  ---
  Certificate chain
   0 s:CN = example.com
     i:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
   1 s:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
     i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
  ---
  ...

Testing SMTP over SSL/TLS (SMTPS)

To test SMTP over SSL/TLS (SMTPS) using openssl s_client, open a terminal and use the following command:

openssl s_client -connect <host>:<port> -starttls smtp

Replace <host> with the hostname or IP address of the SMTP server and <port> with the SMTPS port number. The command establishes an SMTPS connection to the specified SMTP server, performs the SMTP handshake, and displays the server's response.

Example

$ openssl s_client -connect smtp.example.com:465 -starttls smtp

  CONNECTED(00000003)
  ...
  220 smtp.example.com ESMTP Postfix
  EHLO example.com
  250-smtp.example.com
  250-PIPELINING
  250-SIZE 10240000
  250-ETRN
  250-AUTH PL

  AIN LOGIN
  250-STARTTLS
  250-ENHANCEDSTATUSCODES
  ...

Conclusion

In this guide, we explored the topic of analyzing and troubleshooting network resource issues using the openssl s_client command in Linux environments. We discussed openssl as a powerful toolkit for implementing SSL/TLS protocols and the s_client command for testing remote systems. We provided examples of how to use openssl s_client to connect to a remote server and retrieve detailed information about SSL/TLS sessions.