[BlueOnyx:18605] Re: How to test your SSL certs?

Michael Stauber mstauber at blueonyx.it
Wed Oct 28 19:05:44 -05 2015


Hi Larry,

> Ok, probably a silly question, but I have run various sslcheckers on several
> of my servers, used port 81, and port 444 and each comes back and tells me
> that no certificate was found.  What is the secret sauce to get your SSL cert?

The usual SSL checkers just check port 443 as that is where SSL is
usually used.

A good SSL checker is this one: https://www.ssllabs.com/ssltest/

It tells you all you need to know about the SSL on your public webserver.

As for the GUI and its own SSL?

Port 444 uses the HTTP protocol. Port 81 uses HTTPS. So if you want to
test the SSL there you would run the tester against port 81.

To test that you can use "openssl" from the command line like this:

openssl s_client -connect 5209r.smd.net:81 -state -debug

It will show you everything that happens during the connect state such
as the protocol negotiation and the certificate exchange. At the end you
see the results:

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 1AF540FB925C1B64FF1A3D0DCD021F91E3EFE595B4413401934CEF626FC526D0
    Session-ID-ctx:
    Master-Key: 16EB1837FE0BA67AAA8D7D759ED65B858728E0B218D1DE1BB2BF8D19586A85268DE7546B651611E074A164A79A0D9A9B
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)

The self-signed SSL certificate for the GUI is generated
automatically during initial setup of BlueOnyx. But you can re-generate
it (or install a real SSL certificate) via the GUI. You do that via
"Server Management" / "Security" / "SSL".

There is currently a bug in the mod-ssl for 5207R, 5208R, 5209R which
might result in the GUI page saying "There is currently no certificate
for this site," although there sure *is* a certificate present for the GUI.

I'll fix this in an update today or tomorrow.

-- 
With best regards

Michael Stauber
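
Added example, not part of the original message or of BlueOnyx: a shell function that condenses the result block printed by "openssl s_client" (as shown above) into one line and flags weak settings. The function names, the thresholds (TLSv1.2 minimum, 2048-bit key) and the trimmed sample transcript are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: summarize the result block that `openssl s_client` prints.
# Thresholds (TLSv1.2 minimum, 2048-bit key) are assumptions of this example,
# not BlueOnyx requirements. Exit status: 0 = ok, 1 = warnings, 2 = no session.

summarize_s_client() {
    awk '
        /^ *Protocol *:/         { sub(/^[^:]*: */, ""); proto = $0 }
        /^ *Cipher *:/           { sub(/^[^:]*: */, ""); cipher = $0 }
        /^Server public key is / { bits = $5 }
        /^Compression: /         { comp = $2 }
        /^Secure Renegotiation / { reneg = ($3 == "IS" && $4 == "supported") }
        END {
            if (proto == "") { print "FAIL no TLS session found"; exit 2 }
            printf "protocol=%s cipher=%s keybits=%s\n", proto, cipher, bits
            bad = 0
            if (proto ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) { print "WARN old protocol " proto; bad = 1 }
            if (bits + 0 < 2048) { print "WARN server key under 2048 bits"; bad = 1 }
            if (comp != "NONE")  { print "WARN TLS compression enabled"; bad = 1 }
            # TLS 1.3 has no renegotiation, so only check older protocols.
            if (proto != "TLSv1.3" && !reneg) { print "WARN secure renegotiation not supported"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: the result block from the message above, with the
# Session-ID and Master-Key lines left out.
sample_transcript() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    TLS session ticket lifetime hint: 300 (seconds)
EOF
}

sample_transcript | summarize_s_client
# Against a live GUI port (HOST is a placeholder):
#   openssl s_client -connect HOST:81 </dev/null 2>/dev/null | summarize_s_client
```
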
