Guide to Testing an SSL Connection Using OpenSSL

In this tutorial, we will provide helpful information about SSL certificates, SSL connections and testing an SSL connection using OpenSSL. The SSL certificates are necessary for domain names since they display essential information for verifying the website’s owner. It also encrypts the web traffic with SSL/TLS, including the public key, the certificate authority, and the associated subdomains. The traffic is through HTTPS (Hypertext Transfer Protocol Secure) when there is a valid SSL certificate, and this technology encrypts the data sent between a website and a browser. It prevents hackers from seeing or stealing any information, like personal data.

In the following paragraphs, we will proceed with the OpenSSL as software, how to install it, and how to test the SSL connections. Let’s get started!

What is OpenSSL?

OpenSSL is an open-source software library for applications that provides secure communications and implements the SSL and TLS protocols. It is written in C and implements basic cryptographic and utility functions. It is available for most Unix-like operating systems, such as Linux, MacOS, BSD, and Microsoft Windows. OpenSSL is used to generate certificate signing requests or private keys and to install and convert SSL certificates.

In the next paragraph, we will show you how to install OpenSSL and check its version.

How to install OpenSSL?

Since we are a Linux server company that offers support for Linux servers, this blog post will use a server with a Linux OS. We chose the latest Ubuntu 24.04. Let’s get things done!

First, update the system packages to the latest versions available before installing them.

sudo apt update -y && sudo apt upgrade -y

Once the system is updated, we can proceed with the installation of the OpenSSL with the command below:

sudo apt install openssl -y

After successful installation, you can check the OpenSSL version with the following command:

openssl version

You should get output similar to this:

root@host:~#  openssl version
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)

Testing an SSL Connection Using OpenSSL

Now, when almost everything is explained, and OpenSSL is installed, we can test a connection using it. Testing a connection using OpenSSL is with a simple command, and the syntax is the following one:

openssl s_client -connect DomainNameHere:HTTPS-Port

The s_client option analyzes client-to-server communication. It checks for a connection, an open port, the type of SSL, and its expiration.

So, to test the connection to some domain, let’s say google.com on port 443 (HTTPS port), we need to execute the following command:

openssl s_client -connect google.com:443

Executing this command will give us the following output:

oot@host:~# openssl s_client -connect google.com:443
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services, CN = WR2
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
 0 s:CN = *.google.com
   i:C = US, O = Google Trust Services, CN = WR2
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep 16 08:55:48 2024 GMT; NotAfter: Dec  9 08:55:47 2024 GMT
 1 s:C = US, O = Google Trust Services, CN = WR2
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 13 09:00:00 2023 GMT; NotAfter: Feb 20 14:00:00 2029 GMT
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
---
Server certificate
----BEGIN CERTIFICATE-----
MIIOCzCCDPOgAwIBAgIRAMIO3q5jIRJ4ChBOtKvYvYMwDQYJKoZIhvcNAQELBQAw
OzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczEM
MAoGA1UEAxMDV1IyMB4XDTI0MDkxNjA4NTU0OFoXDTI0MTIwOTA4NTU0N1owFzEV
MBMGA1UEAwwMKi5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
KpxL7FwsSYgEhjmA6ncHVU1ToWsDoCOrkkd47bfEvMqAE1c6FSXzKTU+xluaMpju
PZNRcIXM0rYy+UqSDRXYaaOCC/cwggvzMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRD79kk19y13Tk8
iptIieAwep9VeTAfBgNVHSMEGDAWgBTeGx7teRXUPjckwyG77DQ5bUKyMDBYBggr
BgEFBQcBAQRMMEowIQYIKwYBBQUHMAGGFWh0dHA6Ly9vLnBraS5nb29nL3dyMjAl
BggrBgEFBQcwAoYZaHR0cDovL2kucGtpLmdvb2cvd3IyLmNydDCCCc0GA1UdEQSC
CcQwggnAggwqLmdvb2dsZS5jb22CFiouYXBwZW5naW5lLmdvb2dsZS5jb22CCSou
YmRuLmRldoIVKi5vcmlnaW4tdGVzdC5iZG4uZGV2ghIqLmNsb3VkLmdvb2dsZS5j
b22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIYKi5kYXRhY29tcHV0ZS5nb29n
bGUuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlu
                            .
                            .
                            .
                            .
                            .
0s2cWl0xFcxs0a0SW6qrZ5B5HZfHWhpReutvFTBNrrmsbfV5QVVhUj2YgYUKuzvP
4sBPAlHwMiev16xhuuPryzB19JC8qX5NkVWvh51Ems8l5xWgUehM8zaQSYFfTMwQ
eq8v++gDRJLhccoymVm1GVAj6JpgJBukWLLH5wCpkevRb1vSBsnB2uXgc02R7OWR
VjF+xfXe/V2bZ1uiHLqboeBqY4AwekA6Zbvo3SxBodOZffA01wQuXeg9SX+rocF8
tOeQEOuP9LAlbijGOVt7Nlf58RWF/FGxUPbf9/ZIZwDBXDpCsV6GxAQEt4mFkQ4=
-----END CERTIFICATE-----
subject=CN = *.google.com
issuer=C = US, O = Google Trust Services, CN = WR2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6592 bytes and written 392 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

As you can see, the last line is for the verification return code. It says that is ok. That means that testing the connection using OpenSSL was successful.

This command provided us with Google.com’s certificate, details about the organization and the issuer, when it was issued, expired, the TLS version, etc.

If you want to get shorter output from the command, you can use the following one:

openssl s_client -connect google.com:443 -brief

You should get the following output:

root@host:~# openssl s_client -connect google.com:443 -brief
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: CN = *.google.com
Hash used: SHA256
Signature type: ECDSA
Verification: OK
Server Temp Key: X25519, 253 bits

This command does not provide much information, but you can check if the Connection is Established.

That’s it. You successfully tested an SSL Connection using OpenSSL on Ubuntu 24.04 OS.

If you liked this Guide about testing an SSL Connection using OpenSSL, please share it with your friends or leave a comment below.

Leave a Comment