openssl

openssl comes with a nice commandline tool: openssl.

I used to check if some services (like http, smtp) are working by telnetting into them. Then i could just execute commands as needed. Usefull for example to check if an apache normaly accessed by a loadbalancer is serving something for a virtual host.

echo -e "GET / HTTP/1.1\nhost:www.example.com\n\n" |\
nc physical.example.com 80

But as encryption is on the raise i need to check https services. And that is something i can't do by hand.

openssl comes to the rescue.

openssl s_client -connect www.example.com:443

To make the same example as before, you can't simply replace the echo. openssl will terminate the connection as soon as the EOF ist sent via stdin. That is before the response is retrieved. So we make the echo in a subshell and add a sleep

(echo -e "GET / HTTP/1.1\nhost:www.example.com\n\n"; sleep 5) |\

openssl s_client -connect physical.example.com:443

Another nice thing is the check of certifcates. For example expiration date.

echo ""  |\
openssl s_client -connect www.example.com:443 |\
 openssl x509 -noout -enddate

Here the immediate termination by openssl is fine, we already got the cert.