Checking two-way authentication SSL/TLS handshake
I work on a REST API client that needs to connect to an SSL/TLS server using two-way authentication. That is, the client also needs to authenticate itself to the server with a client SSL certificate.
It turns out you can quickly check if the SSL handshake can be established with this handy openssl diagnostics command:
$ openssl s_client -connect example.com:403 -cert client_cert.pem
Here example.com:403 is the server, and client_cert.pem is the client certificate.
In case of SSL handshake failure, the command will show an error, for example:
4306587116:error:1401E0E5:SSL routines:CONNECT_CR_FINISHED:ssl handshake failure
In case the handshake succeeds and the connection is established, the command waits for input, which is sent to the server.
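A completed handshake does not by itself show that the server asked for the client certificate, so here is an added example (not part of the original post) that classifies captured s_client output. The function name, the verdict strings and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify captured `openssl s_client` output read from stdin.
# Real use (stdin closed so s_client exits instead of waiting for input;
# without -key, the private key is read from the -cert file):
#   openssl s_client -connect example.com:403 -cert client_cert.pem \
#       </dev/null 2>&1 | classify_s_client
classify_s_client() {
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -Eq -- "$1"; }
    if ! has 'CONNECTED\('; then
        echo "no-connection"; return 3
    fi
    # Any OpenSSL error-queue line from the SSL routines: the handshake broke.
    if has ':error:[0-9A-Fa-f]+:SSL routines:'; then
        echo "handshake-failed"; return 1
    fi
    # s_client finishes the handshake even if it cannot verify the server
    # certificate, so the verification result is checked separately.
    if ! has 'Verify return code: 0 \(ok\)'; then
        echo "server-cert-unverified"; return 2
    fi
    # Heading printed when the server's certificate request lists CA names.
    if has 'Acceptable client certificate CA names'; then
        echo "ok-client-cert-requested"
    else
        echo "ok-client-cert-request-not-seen"
    fi
}

# Constructed, abridged sample outputs (not captured from a real server).
SAMPLE_FAIL='CONNECTED(00000003)
4306587116:error:1401E0E5:SSL routines:CONNECT_CR_FINISHED:ssl handshake failure'
SAMPLE_MTLS='CONNECTED(00000003)
---
Acceptable client certificate CA names
/CN=Constructed Client CA
---
    Verify return code: 0 (ok)'
SAMPLE_NO_REQUEST='CONNECTED(00000003)
---
No client certificate CA names sent
---
    Verify return code: 0 (ok)'
SAMPLE_UNVERIFIED='CONNECTED(00000003)
    Verify return code: 21 (unable to verify the first certificate)'

for s in "$SAMPLE_FAIL" "$SAMPLE_MTLS" "$SAMPLE_NO_REQUEST" "$SAMPLE_UNVERIFIED"; do
    printf '%s\n' "$s" | classify_s_client || true
done
```

The verdict ok-client-cert-request-not-seen means only that no CA name list was printed: the server may have requested a certificate with an empty list or not requested one at all, so confirm on the server side that the client certificate was actually checked.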
Some more posts I have found useful about this topic:
- OpenSSL s_client docs, especially the "NOTES" section at the bottom
- How To Use OpenSSL s_client To Check and Verify SSL/TLS Of HTTPS Webserver
- OpenSSL Command-Line HOWTO