In this tutorial, we explain SSL certificates and SSL connections and show how to test an SSL connection using OpenSSL. SSL certificates are necessary for domain names because they carry the information used to verify the website’s owner, including the public key, the issuing certificate authority, and the associated subdomains. They also allow web traffic to be encrypted with SSL/TLS. When a site has a valid SSL certificate, traffic goes over HTTPS (Hypertext Transfer Protocol Secure), which encrypts the data sent between the website and the browser. This prevents hackers from seeing or stealing information in transit, such as personal data.
In the following paragraphs, we will cover what OpenSSL is, how to install it, and how to test SSL connections. Let’s get started!
What is OpenSSL?
OpenSSL is an open-source software library that provides secure communications for applications and implements the SSL and TLS protocols. It is written in C and implements basic cryptographic and utility functions. It is available for most Unix-like operating systems, such as Linux, macOS, and BSD, as well as for Microsoft Windows. OpenSSL is used to generate certificate signing requests and private keys, and to install and convert SSL certificates.
In the next paragraph, we will show you how to install OpenSSL and check its version.
How to install OpenSSL?
Since we are a Linux server company that offers support for Linux servers, this blog post will use a server with a Linux OS. We chose the latest Ubuntu 24.04. Let’s get things done!
First, update the system packages to the latest available versions before installing OpenSSL.
sudo apt update -y && sudo apt upgrade -y
Once the system is updated, we can install OpenSSL with the command below:
sudo apt install openssl -y
After successful installation, you can check the OpenSSL version with the following command:
openssl version
You should get output similar to this:
root@host:~# openssl version
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
Testing an SSL Connection Using OpenSSL
Now that the basics are explained and OpenSSL is installed, we can test a connection with it. Testing a connection takes a single command with the following syntax:
openssl s_client -connect DomainNameHere:HTTPS-Port
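The s_client subcommand acts as a generic SSL/TLS client and shows the client-to-server communication. Its output tells you whether the connection succeeds, whether the port is open, which SSL/TLS version is in use, and when the certificate expires.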
So, to test the connection to some domain, let’s say google.com on port 443 (HTTPS port), we need to execute the following command:
openssl s_client -connect google.com:443
Executing this command will give us the following output:
root@host:~# openssl s_client -connect google.com:443
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services, CN = WR2
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
 0 s:CN = *.google.com
   i:C = US, O = Google Trust Services, CN = WR2
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep 16 08:55:48 2024 GMT; NotAfter: Dec 9 08:55:47 2024 GMT
 1 s:C = US, O = Google Trust Services, CN = WR2
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 13 09:00:00 2023 GMT; NotAfter: Feb 20 14:00:00 2029 GMT
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
. . . . .
-----END CERTIFICATE-----
subject=CN = *.google.com
issuer=C = US, O = Google Trust Services, CN = WR2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6592 bytes and written 392 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
As you can see, the last line shows the verify return code. Its value is 0 (ok), which means that testing the connection using OpenSSL was successful.
This command provided us with Google.com’s certificate, details about the organization and the issuer, when the certificate was issued and when it expires, the TLS version, etc.
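When this test runs from a script, the verify return code is the field to check, because s_client completes the handshake and prints the certificate even when verification fails unless -verify_return_error is given. The following is an added example, not part of the original tutorial: the function names summarize_s_client and check_tls and the two sample outputs are constructed for illustration, and the parser assumes the full (non -brief) output format shown above.

```bash
#!/bin/sh
# Added example: reduce `openssl s_client` output (read from stdin) to one line
# and return 0 only when the verify return code is 0 (ok).
summarize_s_client() {
    awk '
        /^New, /              { proto = $2; sub(/,$/, "", proto); cipher = $NF }
        /Verify return code:/ { if (code == "") { code = $4; why = $0
                                    sub(/^.*code: [0-9]+ /, "", why) } }
        END {
            if (code == "") { print "no handshake summary found"; exit 2 }
            printf "protocol=%s cipher=%s verify=%s %s\n", proto, cipher, code, why
            exit (code == "0" ? 0 : 1)
        }'
}

# Live check. -servername sends SNI so the server returns the certificate for
# this host name; </dev/null closes stdin so s_client exits after the handshake.
check_tls() {
    host=$1 port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | summarize_s_client
}

# Constructed sample: trimmed copy of a successful handshake summary.
sample_ok() {
    cat <<'EOF'
CONNECTED(00000003)
---
SSL handshake has read 6592 bytes and written 392 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
EOF
}

# Constructed sample: the handshake completes although the certificate expired.
sample_expired() {
    cat <<'EOF'
CONNECTED(00000003)
---
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 10 (certificate has expired)
EOF
}

# Usage: sh check_tls.sh example.com 443   (does nothing without arguments)
[ "$#" -eq 0 ] || check_tls "$@"
```

The exit status is 0 for a verified chain, 1 for any other verify return code, and 2 when no handshake summary was printed, for example when the port is closed.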
If you want to get shorter output from the command, you can use the following one:
openssl s_client -connect google.com:443 -brief
You should get the following output:
root@host:~# openssl s_client -connect google.com:443 -brief
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: CN = *.google.com
Hash used: SHA256
Signature type: ECDSA
Verification: OK
Server Temp Key: X25519, 253 bits
This command does not provide much information, but it lets you check whether the connection is established.
That’s it. You successfully tested an SSL Connection using OpenSSL on Ubuntu 24.04 OS.