OpenSSL: troubleshooting
Troubleshooting certificate issues is not an easy task. They can be caused by various root causes: Common Name (CN) mismatch, usage of self-signed certificate, expired certificate, invalid cert chain and many other. Fortunately, here we have some commands to help! Testing client connection echo | openssl s_client -connect host:443 -state In this example echo command is used to send a new line and terminate connection and -state prints out the SSL session states. echo | openssl s_client -connect host:443 -status -status switch sends an Online Certificate Status Protocol (OCSP) request to the server to check revocation status of the certificate "With OSCP, a relying party is able to submit a certificate status request to an OCSP responder, such as a Certification Authority (CA). This returns an authentic, digitally signed response indicating the certificate status." - Entrust More on OCSP: https://www.entrust.com/knowledgebase/ssl/online-certificate-stat...