Monday, January 4, 2016

Using GNU TLS binary for debugging SSL/TLS

Have you ever wondered about SSL/TLS connection details and needed a simple binary for this purpose? openssl is a great tool for various conversions and CSR/private-key generation, but GnuTLS is the master as a workshop tool.

Here's a simple execution with no verbose output:

How about if you ever wonder whether the certificate is a wildcard or a SAN certificate:

Here's a look at which one deploys DH key exchanges:

Note: use the "--insecure" option for non-valid certificates.

How about inspecting the CA chain depth? The numbers are detailed along with the certificates in the chain, starting from the end certificate up to the top CA. Here is a chain 4 links deep.

The --print-cert option provides details in the X.509 format and DH info. Here's my virtual pfSense instance.
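The checks walked through above (chain depth, wildcard leaf, DH key exchange) can be pulled out of a saved gnutls-cli transcript with a few shell functions. This is an added example, not from the original post; the sample transcript is constructed, its layout is an assumption modelled on gnutls-cli's usual output, and HOST and the function names are placeholders.

```shell
#!/bin/sh
# Summarise a saved gnutls-cli transcript: chain depth, leaf type, key exchange.
# Capture one with: gnutls-cli --print-cert -p 443 HOST </dev/null >transcript.txt
# (HOST is a placeholder; add --insecure for non-valid certificates.)

# Constructed sample; line layout assumed to follow gnutls-cli's usual output.
sample_transcript() {
cat <<'EOF'
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=*.example.test,O=Example', issuer `CN=Example Issuing CA', RSA key 2048 bits
- Certificate[1] info:
 - subject `CN=Example Issuing CA', issuer `CN=Example Root CA', RSA key 2048 bits
- Certificate[2] info:
 - subject `CN=Example Root CA', issuer `CN=Example Root CA', RSA key 4096 bits
- Ephemeral Diffie-Hellman parameters
 - Using prime: 2048 bits
- Key Exchange: DHE-RSA
EOF
}

# Number of certificates the server sent (leaf first, top CA last).
chain_depth() { grep -c '^- Certificate\[[0-9][0-9]*\] info:'; }

# Subject DN of the leaf: the text between ` and ' on the line after Certificate[0].
leaf_subject() {
    awk -v q="'" '/^- Certificate\[0\] info:/ { getline; sub(/.*subject `/, ""); sub(q ".*", ""); print }'
}

# "wildcard" when the leaf CN starts with "*."; SANs are not on the summary line.
leaf_kind() {
    case "$(leaf_subject)" in
        *CN=\*.*) echo wildcard ;;
        *)        echo not-wildcard ;;
    esac
}

# Negotiated key exchange, e.g. DHE-RSA or ECDHE-RSA.
key_exchange() { sed -n 's/^- Key Exchange: //p'; }

summary() {
    t=$(cat)
    printf 'chain depth:  %s\n' "$(printf '%s\n' "$t" | chain_depth)"
    printf 'leaf cert:    %s\n' "$(printf '%s\n' "$t" | leaf_kind)"
    printf 'key exchange: %s\n' "$(printf '%s\n' "$t" | key_exchange)"
}

sample_transcript | summary
```

To use it on a real capture, replace the last line with `summary <transcript.txt`.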

The GnuTLS CLI binary is great if you work with server certificates and need to validate server SSL/TLS connections and profiles, like when working with SLBs (A10, F5, Kemp, ServerIron, LVS) or web servers (MS, Apache2, Nginx).

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \
