Playing with openssl s_client
Concatenate the certificates of the root CA and the intermediate CA created in "MacOS Private CA Roundup - Shammerism" as follows.
$ cat RootCA/certificate.pem > TrustCA.pem
$ cat MiddleCA/certificate.pem >> TrustCA.pem
Use this TrustCA.pem with s_client to connect to your own SSL server.
$ openssl s_client -connect '192.168.1.10:443' -CAfile TrustCA.pem
...
CONNECTED(00000003)
depth=2 .../CN=RootCA
verify return:1
depth=1 .../CN=MiddleCA
verify return:1
depth=0 .../CN=TestServer/...
verify return:1
---
Certificate chain
 0 s:.../CN=TestServer/...
   i:.../CN=MiddleCA
---
Server certificate
-----BEGIN CERTIFICATE-----
<--snip-->
-----END CERTIFICATE-----
subject=.../CN=TestServer/...
issuer=.../CN=MiddleCA
---
No client certificate CA names sent
---
SSL handshake has read 1179 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : AES128-SHA
    Session-ID: ...
    Session-ID-ctx:
    Master-Key: ...
    Key-Arg : None
    Start Time: ...
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
GET / HTTP/1.1
Host: 192.168.1.10
Connection: close

HTTP/1.1 200 OK
...
read:errno=0
$
Once connected with s_client, you can do all sorts of things, much as if you had connected to port 80 with telnet.
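
Why the bundle needs both certificates, as an added example that is not from the original post: in the output above the server sends only its own certificate (chain entry 0), so the client can build a path to RootCA only if MiddleCA is also in the -CAfile. The script builds a throwaway chain with the same CNs (keys, file names and the config file are constructed for this demo) and checks it offline with openssl verify instead of a live s_client connection.

```shell
#!/bin/sh
# Constructed demo: throwaway RootCA -> MiddleCA -> TestServer chain (CNs taken
# from the page's output; keys, file names and the config are made up here).

make_chain() {  # $1 = empty working directory
  ( cd "$1" || exit 1
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root CA.
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -subj "/CN=RootCA" -keyout root.key -out root.pem -days 1 || exit 1
    # Intermediate CA signed by the root (needs CA:TRUE to be usable as issuer).
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=MiddleCA" -keyout mid.key -out mid.csr || exit 1
    openssl x509 -req -in mid.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -extfile ca.cnf -extensions v3_ca -out mid.pem -days 1 || exit 1
    # Server (leaf) certificate signed by the intermediate.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=TestServer" -keyout srv.key -out srv.csr || exit 1
    openssl x509 -req -in srv.csr -CA mid.pem -CAkey mid.key -CAcreateserial \
      -out srv.pem -days 1 || exit 1
    # Same bundling step as on the page.
    cat root.pem > TrustCA.pem
    cat mid.pem >> TrustCA.pem
  ) >/dev/null 2>&1
}

# Exit status 0 only if $2 chains to a trust anchor using the CAs in $1 alone.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
  d=$(mktemp -d) && make_chain "$d" || return 1
  chain_ok "$d/root.pem" "$d/srv.pem" && echo "root only: ok" || echo "root only: FAILED"
  chain_ok "$d/TrustCA.pem" "$d/srv.pem" && echo "TrustCA.pem: ok" || echo "TrustCA.pem: FAILED"
  rm -rf "$d"
}
demo
```

With only the root in the trust file the leaf fails to verify because its issuer cannot be found; with TrustCA.pem the path completes, matching the depth=0 to depth=2 lines in the s_client output.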