Thursday, May 29, 2014

SSL on Weblogic Made Simple – PART4 (Unix utilities)


                                      



Here are some of the unix utilities I put together to test the SSL connectivity on Unix System

We see lot of SSL related issues on the client side , We can do synthetic ssl testing before we handover to the stake holders.


1)      Wget
 
# wget http://www.google.com
The above command will test the connectivity and download the home

 # wget -vSd   --no-check-certificate  --ca-certificate=cacert.pem https://<url>
         This command will make a SSL connection using the trusted store cacert.pem
          Verifies SSL handshake

          # wget -vSd  --no-check-certificate  --ca-certificate=cacert.pem https://<url> 
            --http-user=pavanuser --http-password=pavanpassword         
          If the url is protected then you need to pass username and password as above to
         test  the connectivity.

2)      Openssl

#openssl s_client -connect <HOST>:<PORT>
Testing HTTPS Services Using "openssl s_client -connect" Command
This will open an SSL connection to <HOST>  < PORT> and print the ssl certificate used by the service. After connecting you can manually send http requests. This is similar to using telnet to connect to an http service and manually sending an http, i.e GET, request.

If openssl fails to connect it will wait until a timeout occurs and will print an error similar to the following :
connect: Operation timed out

# openssl s_client -connect <hostname>:<port> -showcerts
Adding -showcerts parameter to this command will print all certificates in the certificate chain



# openssl s_client -showcerts -msg  -debug  -host  <host>  -port  <PORT>
# openssl s_client -showcerts -msg -debug -host <URL> -port 443
(URL with SSL Port)
For additional debugging information

3)      Curl

# gives  brief description of parameters
curl --help

# curl manual page
man curl

#Make a GET request without any data:
curl –k https://www.xignite.com/xcurrencies.asmx?WSDL

#To print Headers and content
curl –k https://www.xignite.com/xcurrencies.asmx?WSDL –include

#To Test the SSL connectivity (fail if we don’t pass CAcert)
curl -q -verbose -insecure -Iv https://<URL>:<PORT>

## To test the SSL connectivity passing the Trusted CA’s
curl -q -verbose -insecure --cacert  myCAcert.pem -Iv https://<URL>:<PORT>
curl -q -verbose -insecure --cacert  myCAcert.pem -Iv https://<host>:<PORT>

 
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)