 |
       |
 |
 |
| Q.: |
How to list the installed certificate of a webservice ? |
| A.: |
I use the free tool OpenSSL which is a command-line tool available for UNIX (Ubuntu, Mac OS X). If you install stunnel, OpenSSL even works in Windows. In Mac OS X, you go for Macintosh HD → Applications → Utilities → Terminal.
For example:
openssl s_client -connect m.here.com:443
443 is the TCP port for secure variant of HTTP (HTTPS). m.here.com is the server address which you have to change to your personal value.
Another example:
openssl s_client -connect account.nokia.com:443
All lot of information is shown, however, we scroll back to the beginning and look at the section Certificate chain:
0 s:…CN=account.nokia.com
i:…CN=Cybertrust Public SureServer SV CA
1 s:…CN=Cybertrust Public SureServer SV CA
i:…CN=Baltimore CyberTrust Root
2 s:…CN=Baltimore CyberTrust Root
i:…CN=GTE CyberTrust Global Root
The certificate 0 s(igns) the identity of the server. That certificate was bought. It tells which authority i(ssued) it. Certificates 1 and 2 are intermediates which built-up to a trust-anchor your mobile phone knows. In this case, the root is GTE CyberTrust. When s: matches the previous i:, all certificates are in the chain and in the correct order. The root is missing because your mobile phone has it onboard, it would just be unnecessary data overhead to include it. Any questions left? Drop me a mail … |
|
 |
 |
 |
 |
|