Forum Discussion

5 Replies

  • Thank you for your reply. I figured out using curl -v https://abc.com would show the cert before redirect. It will also display to which site it redirects 

    • Paulius's avatar
      Paulius
      Icon for MVP rankMVP

      InquisitiveMai If you only are concerned with the redirects and SSL certificate you can also do the following so you don't have to bother looking through the page data and instead you will only receive the HTTP header.

      curl -Iv "https://abc.com/"

      If for some reason you were receiving SSL errors you should be able to run the following to ignore the SSL errors as well as follow any redirects provided.

      curl -IvkL "https://abc.com/"

      • InquisitiveMai's avatar
        InquisitiveMai
        Icon for Cirrostratus rankCirrostratus

        Thank you Paulius for your response. But I see the same output for curl -v <URL> and curl -lv <URL>

        Is it a differnt Curl Command 

  • As long as you use a HTTP Client like a browser you will not have much luck with this.

     

    Solution 1

    i use a random linux box for stuff like this.

    [root@linux-infra-1 ~]# openssl s_client --connect www.abc.com:443

    Result will look like the following where you can read all required information and also create some scripts from it:

    Spoiler

    [root@linux-infra-1 ~]# openssl s_client --connect www.example.com:443
    CONNECTED(00000003)
    depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
    verify return:1
    depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
    verify return:1
    depth=0 C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
    verify return:1
    ---
    Certificate chain
    0 s:C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
    i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
    1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
    i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIHSjCCBjKgAwIBAgIQDB/LGEUYx+OGZ0EjbWtz8TANBgkqhkiG9w0BAQsFADBP
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
    aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMzAxMTMwMDAwMDBa
    Fw0yNDAyMTMyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
    cm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxQjBABgNVBAoMOUludGVybmV0wqBD
    b3Jwb3JhdGlvbsKgZm9ywqBBc3NpZ25lZMKgTmFtZXPCoGFuZMKgTnVtYmVyczEY
    MBYGA1UEAxMPd3d3LmV4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
    MIIBCgKCAQEAwoB3iVm4RW+6StkR+nutx1fQevu2+t0Fu6KBcbvhfyHSXy7w0nJO
    dTT4jWLjStpRkNQBPZwMwHH35i+21gdnJtDe/xfO8IX9McFmyodlBUcqX8CruIzD
    v9AXf2OjXPBG+4aq+03XKl5/muATl32++301Vw1dXoGYNeoWQqLTsHT3WS3tOOf+
    ehuzNuZ+rj+ephaD3lMBToEArrtC9R91KTTN6YSAOK48NxTA8CfOMFK5itxfIqB5
    +E9OSQTidXyqLyoeA+xxTKMqYfxvypEek1oueAhY9u67NCBdmuavxtfyvwp7+o6S
    d+NsewxAhmRKFexw13KOYzDhC+9aMJcuJQIDAQABo4ID2DCCA9QwHwYDVR0jBBgw
    FoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFLCTP+gXgv1ssrYXh8vj
    gP6CmwGeMIGBBgNVHREEejB4gg93d3cuZXhhbXBsZS5vcmeCC2V4YW1wbGUubmV0
    ggtleGFtcGxlLmVkdYILZXhhbXBsZS5jb22CC2V4YW1wbGUub3Jngg93d3cuZXhh
    bXBsZS5jb22CD3d3dy5leGFtcGxlLmVkdYIPd3d3LmV4YW1wbGUubmV0MA4GA1Ud
    DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY8GA1Ud
    HwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
    VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGln
    aWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDA+BgNV
    HSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj
    ZXJ0LmNvbS9DUFMwfwYIKwYBBQUHAQEEczBxMCQGCCsGAQUFBzABhhhodHRwOi8v
    b2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0dHA6Ly9jYWNlcnRzLmRp
    Z2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcnQwCQYD
    VR0TBAIwADCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYA7s3QZNXbGs7FXLed
    tM0TojKHRny87N7DUUhZRnEftZsAAAGFq0gFIwAABAMARzBFAiEAqt+fK6jFdGA6
    tv0EWt9rax0WYBV4re9jgZgq0zi42QUCIEBh1yKpPvgX1BreE0wBUmriOVUhJS77
    KgF193fT2877AHcAc9meiRtMlnigIH1HneayxhzQUV5xGSqMa4AQesF3crUAAAGF
    q0gFnwAABAMASDBGAiEA12SUFK5rgLqRzvgcr7ZzV4nl+Zt9lloAzRLfPc7vSPAC
    IQCXPbwScx1rE+BjFawZlVjLj/1PsM0KQQcsfHDZJUTLwAB2AEiw42vapkc0D+Vq
    AvqdMOscUgHLVt0sgdm7v6s52IRzAAABhatIBV4AAAQDAEcwRQIhAN5bhHthoyWM
    J3CQB/1iYFEhMgUVkFhHDM/nlE9ThCwhAiAPvPJXyp7a2kzwJX3P7fqH5Xko3rPh
    CzRoXYd6W+QkCjANBgkqhkiG9w0BAQsFAAOCAQEAWeRK2KmCuppK8WMMbXYmdbM8
    dL7F9z2nkZL4zwYtWBDt87jW/Gz/E5YyzU/phySFC3SiwvYP9afYfXaKrunJWCtu
    AG+5zSTuxELFTBaFnTRhOSO/xo6VyYSpsuVBD0R415W5z9l0v1hP5xb/fEAwxGxO
    Ik3Lg2c6k78rxcWcGvJDoSU7hPb3U26oha7eFHSRMAYN8gfUxAi6Q2TF4j/arMVB
    r6Q36EJ2dPcTu0p9NlmBm8dE34lzuTNC6GDCTWFdEloQ9u//M4kUUOjWn8a5XCs1
    263t3Ta2JfKViqxpP5r+GvgVKG3qGFrC0mIYr0B4tfpeCY9T+cz4I6GDMSP0xg==
    -----END CERTIFICATE-----
    subject=C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org

    issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1

    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: RSA-PSS
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 3775 bytes and written 739 bytes
    Verification: OK
    ---
    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---
    ---
    Post-Handshake New Session Ticket arrived:
    SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
    Session-ID: 9B5312A1899D43C5C0AB7CE61FD4ED35B5CB1998F5B47574A67C5F77F81DC9F2
    Session-ID-ctx:
    Resumption PSK: 53DDA0BB9D68DCD6A4CE672AA9C7D939905E2E70FADF7E4D0B09147FC22E74DD0B2847D5F73F198473213313AC9CF331
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - ae ae cd 93 34 63 ef 30-6f d3 a9 06 f0 0f b7 e5 ....4c.0o.......
    0010 - 19 ac 2d 01 fe 5f 72 11-90 a7 e0 a8 e1 3f 03 8a ..-.._r......?..
    0020 - 32 21 24 fa 05 05 9a 9a-b4 f5 be f0 c0 72 f8 5a 2!$..........r.Z
    0030 - 64 f3 e2 59 f5 08 9e be-24 3d ad fa 92 db cd 26 d..Y....$=.....&
    0040 - 9b c2 ed 53 4f 10 4b b3-10 41 30 6a 8a 73 3d 04 ...SO.K..A0j.s=.
    0050 - 0a c5 8a f0 30 a6 bc 6b-f2 07 6c db 8f 12 e3 b9 ....0..k..l.....
    0060 - 1c e7 cb 0d 4d bc 67 1b-71 a7 d7 d4 fc d1 18 b7 ....M.g.q.......
    0070 - 24 8a 60 e0 84 26 7f 02-8c 00 d1 89 49 45 eb c9 $.`..&......IE..
    0080 - 8e 35 e6 7b bc 11 36 f8-3a 6f 4e 45 7b f0 ae e3 .5.{..6.:oNE{...
    0090 - ff 64 60 b7 ca b1 95 c9-d1 b5 10 78 e0 95 9b 6a .d`........x...j
    00a0 - e2 81 c5 a1 d9 0d f2 c5-3f 41 3c 04 fb f6 38 ad ........?A<...8.
    00b0 - 04 a6 7f 1f 20 94 36 9a-66 13 38 e0 4c aa b6 bc .... .6.f.8.L...
    00c0 - de 87 67 4b 1d 62 af 15-02 ca 43 50 6e 09 6c 83 ..gK.b....CPn.l.

    Start Time: 1680154286
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
    ---
    read R BLOCK
    ---
    Post-Handshake New Session Ticket arrived:
    SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
    Session-ID: 99120389A2C663A2969C4CDE99B1C116A27A282A2D845924FE7B602403B1A2BD
    Session-ID-ctx:
    Resumption PSK: EDF2D8B8843DB94E7150193748EDC143533CEB3BA4AB171876EA6C7B58398938F53D25B817A8275E3A3DB2C3362EFD06
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - ae ae cd 93 34 63 ef 30-6f d3 a9 06 f0 0f b7 e5 ....4c.0o.......
    0010 - 5f ba f7 2b 5c 72 28 c7-36 e5 8a fd 4c fe 9a f6 _..+\r(.6...L...
    0020 - 6d ad bd ec be 7c 36 ba-25 32 56 7c 04 40 70 c2 m....|6.%2V|.@p.
    0030 - 05 15 72 e2 99 97 38 e5-37 a3 60 e1 59 2e 18 68 ..r...8.7.`.Y..h
    0040 - bf dd f7 96 d0 6d ad 9f-67 3f c8 7a 23 03 1b 12 .....m..g?.z#...
    0050 - aa 22 59 07 cc 87 bf de-85 80 54 c0 fa 2d c3 1f ."Y.......T..-..
    0060 - 9f 3e 76 fd e9 ac 6c 11-92 d7 99 94 5a 8a 85 43 .>v...l.....Z..C
    0070 - b1 b7 87 2a 86 29 71 1d-15 59 74 3a f2 71 77 a8 ...*.)q..Yt:.qw.
    0080 - 19 64 11 7c fb cf 04 9c-0c 38 9a 51 64 a0 be ad .d.|.....8.Qd...
    0090 - 81 1f 04 62 19 af 4d a1-ff 12 34 62 46 6b 84 24 ...b..M...4bFk.$
    00a0 - 56 85 f0 8b b9 b6 d0 05-af e9 8c 65 ee 84 69 d0 V..........e..i.
    00b0 - c9 1c d3 ce d8 3d f1 05-93 d2 d9 75 71 d7 8e f9 .....=.....uq...

    Start Time: 1680154286
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0

    Solution 2

    Use an online tool like "SSL Certificate Checker - Diagnostic Tool | DigiCert.com"