Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


How to debug a certificate request with OpenSSL?

When a SSL connection is enabled, the user certificate can be requested. But it is not compulsory and is often deferred by order of a specific URL.

In that case, use the -prexit option of the openssl s_client request to ask for the SSL session to be displayed at the end.

See an example with our website https://testcert.pitux.com/php/testcrypto.php (you'll need OpenSSL 0.97 at least and we advise to update your roots, see Use a SSL linux / openssl client).
openssl s_client -port 443 -CApath /usr/share/ssl/certs/ -host testcert.pitux.com -prexit
The first negotiation is:
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = FR, ST = Calvados, L = Caen, O = TBS INTERNET, OU = TBS INTERNET CA, CN = TBS X509 CA business 2
verify return:1
depth=0 C = FR, postalCode = 14000, ST = Calvados, L = CAEN, street = 22 RUE DE BRETAGNE, O = TBS CERTIFICATS, OU = 0002 440443810, CN = *.pitux.com
verify return:1
139901678843712:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1407:SSL alert number 40
---
Certificate chain
 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com
   i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu
MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD
QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw
MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw
MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy
MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG
A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/
PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l
ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P
3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN
LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e
19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB
o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O
BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB
MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy
dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51
c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE
ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw
OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy
dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK
KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF
q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX
kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv
U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC
IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ
7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d
xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ
oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ
KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk
YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49
7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX
oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3
ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh
URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg=
-----END CERTIFICATE-----
subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com
issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
---
Acceptable client certificate CA names
/O=Autorite Consulaire/CN=CSF
/C=FR/O=Dhimyotis/CN=Certigna
/C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles
/O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA
/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 7685 bytes and written 314 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: D7CEDC5FCC80C9AFB902C649458F8A1F5E85DEF64C5AE95A2589ED04E97F7883267A13975A2431305069BE6DF7E22270
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1592213514
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
At this moment, you need to simulate the request of a page needing a user certificate, in our example:
GET /php/testcrypto.php HTTP/1.1
HOST: testcert.pitux.com

It provides the end of the negotiation:
Certificate chain
 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com
   i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu
MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD
QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw
MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw
MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy
MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG
A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/
PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l
ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P
3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN
LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e
19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB
o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O
BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB
MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy
dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51
c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE
ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw
OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy
dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK
KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF
q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX
kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv
U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC
IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ
7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d
xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ
oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ
KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk
YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49
7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX
oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3
ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh
URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg=
-----END CERTIFICATE-----
subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com
issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
---
Acceptable client certificate CA names
/O=Autorite Consulaire/CN=CSF
/C=FR/O=Dhimyotis/CN=Certigna
/C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles
/O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA
/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 7685 bytes and written 314 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 7A8A21E0ECEF8CA588D7858CA194749386245D1866A3C327C3164F4514CF7472BC0E74C123A6A47DC59AEE1B4F8A9EC2
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1592213528
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
What interests us is the section Acceptable client certificate CA names:
/O=Autorite Consulaire/CN=CSF
/C=FR/O=Dhimyotis/CN=Certigna
/C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles
/O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA
/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
Note as well the line
SSL alert number 40
That indicates the server won't accept the connection because no user certificate was presented (complete the command line).

It is possible to use openssl to verify the presentation of a client certificate to a server that requires it. You just need to specify the client certificate and the private key with the parameters -cert and -key.

openssl s_client -port 443 -CApath /usr/share/ssl/certs/ -host testcert.pitux.com -prexit -cert your.client.certificate.cert -key your.private.key.key
Here is the result when presenting a certificate:
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = FR, ST = Calvados, L = Caen, O = TBS INTERNET, OU = TBS INTERNET CA, CN = TBS X509 CA business 2
verify return:1
depth=0 C = FR, postalCode = 14000, ST = Calvados, L = CAEN, street = 22 RUE DE BRETAGNE, O = TBS CERTIFICATS, OU = 0002 440443810, CN = *.pitux.com
verify return:1
---
Certificate chain
 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com
   i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu
MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD
QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw
MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw
MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy
MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG
A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/
PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l
ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P
3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN
LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e
19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB
o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O
BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB
MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy
dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51
c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE
ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw
OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy
dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK
KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF
q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX
kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv
U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC
IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ
7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d
xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ
oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ
KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk
YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49
7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX
oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3
ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh
URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg=
-----END CERTIFICATE-----
subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com
issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
---
Acceptable client certificate CA names
/O=Autorite Consulaire/CN=CSF
/C=FR/O=Dhimyotis/CN=Certigna
/C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles
/O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA
/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 9328 bytes and written 1972 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 7BD60F042548B64EB0D9B77EBECD294D2159526DBEED47D349162B672F5ADDF9
    Session-ID-ctx: 
    Master-Key: B518D2C09141A26B1B4AF17156419B98FE6A87C2601CB01494C9B6AF0E3FC87096A12107A21747415DA4E6727998F2F4
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    ...
    Start Time: 1592221660
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    ---
read:errno=0
---
Certificate chain
 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com
   i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu
MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD
QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw
MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw
MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy
MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG
A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/
PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l
ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P
3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN
LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e
19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB
o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O
BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB
MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy
dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51
c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE
ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw
OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy
dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK
KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF
q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX
kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv
U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC
IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ
7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d
xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ
oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ
KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk
YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49
7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX
oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3
ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh
URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg=
-----END CERTIFICATE-----
subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com
issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2
---
Acceptable client certificate CA names
/O=Autorite Consulaire/CN=CSF
/C=FR/O=Dhimyotis/CN=Certigna
/C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles
/O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA
/C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA
/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona
/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 9328 bytes and written 2003 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 7BD60F042548B64EB0D9B77EBECD294D2159526DBEED47D349162B672F5ADDF9
    Session-ID-ctx: 
    Master-Key: B518D2C09141A26B1B4AF17156419B98FE6A87C2601CB01494C9B6AF0E3FC87096A12107A21747415DA4E6727998F2F4
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    ...
    Start Time: 1592221660
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no