== OpenSSL Linux command line ssl tool ==
 * Links [[security/ssl]] , [[LinuxCurl]], [[easy-rsa]] , [[LetsEncrypt]]
 * [[OpenSslSelfSignedCertificate| openssl self signed certificate with keyUsage flags ]]
 * Online check cert + chain: https://tools.keycdn.com/ssl

=== Verify a web server certificate ===
 * {{{
openssl s_client -showcerts -connect my.test.com:443
}}}
 * Output should end with "Verify return code: 0 (ok)"
 * As of 2017 the TLS Protocol should be TLSv1.2 at least.
 * For SNI you can add '''-servername xyz.test.com'''

=== OpenSSL retrieve url ===
 * Retrieve a URL, e.g. /healthz. Note: -ign_eof keeps the connection open after the input from echo ends, so the server response is printed. {{{
time echo -e "GET /healthz HTTP/1.1\r\nConnection: close\r\nHost: pieter\r\n\r\n" |\
openssl s_client -ign_eof -connect 172.24.0.3:443
}}}

=== SSL speed testing ===
 * speed testing {{{
openssl s_time -connect 172.17.0.2:443 -www "/welcome/"
openssl s_time -connect 172.17.0.2:443 -www /
curl -s -w 'Testing Website Response Time for :%{url_effective}\n\nLookup Time:\t\t%{time_namelookup}\nConnect Time:\t\t%{time_connect}\nPre-transfer Time:\t%{time_pretransfer}\nStart-transfer Time:\t%{time_starttransfer}\n\nTotal Time:\t\t%{time_total}\n' -o /dev/null https://172.17.0.2
}}}
 * slow {{{
231 connections in 0.29s; 796.55 connections/user sec, bytes read 57981
231 connections in 31 real seconds, 251 bytes read per connection
}}}
 * fast {{{
30821 connections in 8.14s; 3786.36 connections/user sec, bytes read 6749799
30821 connections in 31 real seconds, 219 bytes read per connection
}}}
 * OpenSSL smtp certificate verify [[https://wiki.vigor.nz/linux/PostFixEmail]]
 * httping
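
The two checks from "Verify a web server certificate" (verify return code 0, protocol TLSv1.2 or newer) can be scripted, since s_client completes the handshake even when verification fails. This is an added example, not part of the original page; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): gate on s_client output.
# check_sclient reads `openssl s_client` output on stdin and returns
#   0 = every "Verify return code" is 0 and protocol is TLSv1.2 or newer
#   1 = verification failed, or no verify line was seen
#   2 = verified, but the negotiated protocol is older than TLSv1.2
check_sclient() {
    awk '
        /Verify return code:/ {
            seen = 1
            split($0, a, ": "); split(a[2], b, " ")   # b[1] = numeric code
            if (b[1] != "0") bad = 1
        }
        /^ *Protocol *:/ { proto = $NF }               # SSL-Session block
        /^New, /         { sub(/,$/, "", $2); summary = $2 }  # handshake summary
        END {
            if (proto == "") proto = summary           # no session block printed
            if (!seen || bad) exit 1
            if (proto != "TLSv1.2" && proto != "TLSv1.3") exit 2
        }'
}

# Map the exit status to a word; "|| rc=$?" keeps this safe under set -e.
verdict() {
    rc=0
    printf '%s\n' "$1" | check_sclient || rc=$?
    case $rc in
        0) echo PASS ;;
        1) echo FAIL-verify ;;
        *) echo FAIL-protocol ;;
    esac
}

# Constructed sample outputs, trimmed to the lines the check reads.
SAMPLE_OK='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)'
SAMPLE_UNVERIFIED='New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Protocol  : TLSv1.2
    Verify return code: 21 (unable to verify the first certificate)'
SAMPLE_OLD='    Protocol  : TLSv1
    Verify return code: 0 (ok)'

for s in "$SAMPLE_OK" "$SAMPLE_UNVERIFIED" "$SAMPLE_OLD"; do verdict "$s"; done

# Live use (host name from the page):
#   openssl s_client -connect my.test.com:443 -servername my.test.com </dev/null 2>/dev/null | check_sclient
```

A missing verify line or an unrecognised protocol string fails closed, so truncated output or a refused connection is never reported as a pass.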