Forum Discussion

eagertolearn's avatar
eagertolearn
Icon for Nimbostratus rankNimbostratus
Jun 24, 2024

Curl usage

Hi Experts,    We want to check the status of pool members Eg. service status locally on server, wanted to ensure that user is not offloading any SSL certificate on server locally, Ciphers on serve...
application delivery
eagertolearn's avatar
eagertolearn
Icon for Nimbostratus rankNimbostratus

Hi, 

 

Thanks for quick response.

 

But, if we use "k" (-vk) then this means ignore to check the SSL Certificate status on pool member.

if we want to check whether application team is offloading any ssl certificate on backend server or not OR if they are offloading then is certificate valid or expired , how to ensure this using curl command.

boneyard's avatar
boneyard
Icon for MVP rankMVP
Jun 24, 2024

don't get the offloading part. do you mean if they have a certificate or not?

if they don't and you do a curl -vk https://ip it will fail.

if they do and you do a curl -vk https://ip it will contain the certificate date.

  • eagertolearn's avatar
    eagertolearn
    Icon for Nimbostratus rankNimbostratus
    Jun 24, 2024

    Thanks for reply boneyard !

     

    One more information, If pool member is not on https (443) then . For Example , pool member is on port 5442  and  now we just wanted to check the port service status during troubleshooting.

     

    What should be the curl command coordinates for this case 

     

    • svs's avatar
      svs
      Icon for Cirrostratus rankCirrostratus
      Jun 26, 2024

      Maybe you should play around a bit with the information you got. I would assume, that it is self-explanatory...

      curl -vkI https://192.168.10.15:5442/status/health

      Just add the port to the IP address or hostname. If you call the server via https:// but the server only speaks http:// (and vice versa), you usally receive 400 Bad request as response. That's not always the case. But you should always receive a certificate, when calling via https://. Otherwise curl will complain, that no certificate was received.

      You are wrong about the argument regarding -k. This option just helps you to establish an SSL handshake, even if the server certificate is not trustworthy. You will receive the required information in each case. If you have to validate the trustworthiness of the remote certificate, you please checkout https://curl.se/docs/sslcerts.html. This should help to understand how it works. They also reference the openssl s_client tool, which helps for deeper investigations. curl is not made for this.