Openssl s_client -connect not seeing certificates of Apache Virtual Hosts

Nemus · 09-11-2014, 02:11 PM

So I want to monitor my certificates on my web server which has multiple certificates that Apache is severing via virtual hosts for different domains.

How can I get openssl s_client -connect to display the certificate information for each of the certificates ?

I've tried something like the following, but it just returns the certificate I would see if I went to the site manually via the ip address.

echo "GET https://test.example.com/ HTTP/1.1" | openssl s_client -state -nbio -connect test.example.com:443 | openssl x509 -noout -text

Also is there away I could do this with curl?

unSpawn · 09-20-2014, 02:38 AM

Quote:

Originally Posted by Nemus

So I want to monitor my certificates on my web server which has multiple certificates that Apache is severing via virtual hosts for different domains.

There's probably already a tool for that maybe called "certwatch" or like that.

Quote:

Originally Posted by Nemus

How can I get openssl s_client -connect to display the certificate information for each of the certificates ? I've tried something like the following, but it just returns the certificate I would see if I went to the site manually via the ip address.

I don't get your explanation of the difference between things you tried or what you're trying to accomplish as "go to the site manually" is exactly what s_client does. Please explain in detail.

Quote:

Originally Posted by Nemus

Also is there away I could do this with curl?

No, because any tool that understands SSL will set up a connection and properly validate the certificate before moving on to the encapsulated protocol part.