How to debug a certificate request with OpenSSL?
When a SSL connection is enabled, the user certificate can be requested. But it is not compulsory and is often deferred by order of a specific URL.In that case, use the -prexit option of the openssl s_client request to ask for the SSL session to be displayed at the end.
See an example with our website https://testcert.pitux.com/php/testcrypto.php (you'll need OpenSSL 0.97 at least and we advise to update your roots, see Use a SSL linux / openssl client).
openssl s_client -port 443 -CApath /usr/share/ssl/certs/ -host testcert.pitux.com -prexitThe first negotiation is:
CONNECTED(00000003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = FR, ST = Calvados, L = Caen, O = TBS INTERNET, OU = TBS INTERNET CA, CN = TBS X509 CA business 2 verify return:1 depth=0 C = FR, postalCode = 14000, ST = Calvados, L = CAEN, street = 22 RUE DE BRETAGNE, O = TBS CERTIFICATS, OU = 0002 440443810, CN = *.pitux.com verify return:1 139901678843712:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1407:SSL alert number 40 --- Certificate chain 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/ PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P 3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e 19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51 c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ 7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49 7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3 ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg= -----END CERTIFICATE----- subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 --- Acceptable client certificate CA names /O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 7685 bytes and written 314 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: Session-ID-ctx: Master-Key: D7CEDC5FCC80C9AFB902C649458F8A1F5E85DEF64C5AE95A2589ED04E97F7883267A13975A2431305069BE6DF7E22270 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1592213514 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no ---At this moment, you need to simulate the request of a page needing a user certificate, in our example:
GET /php/testcrypto.php HTTP/1.1 HOST: testcert.pitux.comIt provides the end of the negotiation:
Certificate chain 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/ PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P 3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e 19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51 c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ 7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49 7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3 ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg= -----END CERTIFICATE----- subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 --- Acceptable client certificate CA names /O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 7685 bytes and written 314 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: Session-ID-ctx: Master-Key: 7A8A21E0ECEF8CA588D7858CA194749386245D1866A3C327C3164F4514CF7472BC0E74C123A6A47DC59AEE1B4F8A9EC2 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1592213528 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no ---What interests us is the section Acceptable client certificate CA names:
/O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA businessNote as well the line
SSL alert number 40That indicates the server won't accept the connection because no user certificate was presented (complete the command line).
It is possible to use openssl to verify the presentation of a client certificate to a server that requires it. You just need to specify the client certificate and the private key with the parameters -cert and -key.
openssl s_client -port 443 -CApath /usr/share/ssl/certs/ -host testcert.pitux.com -prexit -cert your.client.certificate.cert -key your.private.key.keyHere is the result when presenting a certificate:
CONNECTED(00000003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = FR, ST = Calvados, L = Caen, O = TBS INTERNET, OU = TBS INTERNET CA, CN = TBS X509 CA business 2 verify return:1 depth=0 C = FR, postalCode = 14000, ST = Calvados, L = CAEN, street = 22 RUE DE BRETAGNE, O = TBS CERTIFICATS, OU = 0002 440443810, CN = *.pitux.com verify return:1 --- Certificate chain 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/ PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P 3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e 19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51 c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ 7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49 7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3 ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg= -----END CERTIFICATE----- subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 --- Acceptable client certificate CA names /O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 9328 bytes and written 1972 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 7BD60F042548B64EB0D9B77EBECD294D2159526DBEED47D349162B672F5ADDF9 Session-ID-ctx: Master-Key: B518D2C09141A26B1B4AF17156419B98FE6A87C2601CB01494C9B6AF0E3FC87096A12107A21747415DA4E6727998F2F4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: ... Start Time: 1592221660 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- read:errno=0 --- Certificate chain 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/ PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P 3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e 19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51 c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ 7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49 7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3 ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg= -----END CERTIFICATE----- subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 --- Acceptable client certificate CA names /O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 9328 bytes and written 2003 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 7BD60F042548B64EB0D9B77EBECD294D2159526DBEED47D349162B672F5ADDF9 Session-ID-ctx: Master-Key: B518D2C09141A26B1B4AF17156419B98FE6A87C2601CB01494C9B6AF0E3FC87096A12107A21747415DA4E6727998F2F4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: ... Start Time: 1592221660 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no
Last edited on 06/15/2020 11:55:20 --- [search]