Technical Blog Post
Abstract
Checking a certificate from a remote host
Body
Occasionally we encounter a circumstance where certificates have been checked in on both sides of an HTTP communications link and the authentication fails. This is sometimes a result of the difference certificate being checked in on the server side than expected. A quick way to check this is to use the following OpenSSL command to connect to the remote machine and display the certificate chain and public details of that chain. This can then be compared to the expected certificate chain to verify that the correct chain elements are in use and that all properties are correct.
openssl s_client -host hostname.company.com -port 443 -prexit -showcerts
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS4PJT","label":"IBM Sterling Connect:Direct"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
UID
ibm11123449