It is possible to test Secure Socket Layer (SSL) connectivity to a port on an NCM Application Server host from an external host or workstation using OpenSSL. OpenSSL is a free, open-source SSL distribution which is utilized internally by NCM and which can be dowloaded and installed on other hosts or workstations to test or establish production SSL connectivity to the NCM AS host. It is a fork and successor to the SSLeay open source SSL project. The Apache 1.0 and SSLeay Licenses apply.
To use OpenSSL to test SSL connectivity to the NCM AS host, do as follows:
openssl version
openssl s_client -connect {NCM AS Host IP}:443 -CApath {NCM Home Path}/conf/CA/
"CONNECTED(00000003)"
"SSL handshake has read 2987 bytes and written 447 bytes"
For example:
[root@ssl_client_host ~]# openssl s_client -connect 10.10.1.1:443 -CApath /opt/smarts-ncm/conf/CA/
CONNECTED(00000003)
depth=1 /C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=US/ST=Texas/L=Richardson/O=EMC/OU=NCM/CN=lab94as.smrtsupport.local/[email protected]
i:/C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
1 s:/C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
i:/C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEGDCCAwCgAwIBAgIDAIBJMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAklO
MQwwCgYDVQQIDANLYXIxEjAQBgNVBAcMCUJhbmdhbG9yZTEMMAoGA1UECgwDRU1D
MQwwCgYDVQQLDANOQ00xEjAQBgNVBAMMCU1BU1RFUktFWTEcMBoGCSqGSIb3DQEJ
ARYNYWRtaW5AZW1jLmNvbTAeFw0wMTAxMDEwMDAwMDBaFw0yNTAzMjcxOTAxMTFa
MIGiMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEzARBgNVBAcMClJpY2hh
cmRzb24xDDAKBgNVBAoMA0VNQzEMMAoGA1UECwwDTkNNMSIwIAYDVQQDDBlsYWI5
NGFzLnNtcnRzdXBwb3J0LmxvY2FsMS4wLAYJKoZIhvcNAQkBFh9Wb3llbmNlLUN1
c3RvbWVyU3VwcG9ydEBlbWMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAuHdWBWlQDUsqMBFK1ZheKsmK0B49yWPr9UXmHmEOKrdhHHbTOknCGjEr
R3c9IVDNB9dgoVSLfDTo5BCJm+dLOCNC4tu+3m06K8TqfVqhfARxspOCdEHwsPPP
HOa/mbI5Ro52fd3l55jHEMRTT450JlFX8PQ6uhwt66FB60ZZ83MO07vqrxXGh6YI
J11hPc5DWNBD2klODD56gbMoMUXwU9wcl/7xN5cB5q7O/BTtJdrucCwsI1fmY2Fs
+G9iC6rXJaHWSIJ0Wg0QQxBD3Gxmi4tsPDf3UeEXReKtDcRsmIjpKpCRkc5iv4Gu
QGGI8hXHbST2TqFtQSCvtNTCv0S3xwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG
SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQUvT1/cBCUROsQxZ0zFVaRKYAFcGEwHwYDVR0jBBgwFoAUzlpreNu+uYP180/j
kcTd8Sz7H68wDQYJKoZIhvcNAQELBQADggEBAHpVCA672de4WDKfdBfVQkt7Gder
ntK7Fi31px9aOxYIZVnx9v63USBlQ+zc9QVg+tS56MRQlG4TkA8RtJ/1C8msBhMt
Q6BfYRyRFEV+IEK/LICB1jaswLoiZb0v7UOcaK7O3kCol9ShWUkj3CyAUowISO4B
8shLPdJNu3PAcLVaEtwtISbEfyIpNukAEfppN2zeoMkLdcdBmpCF0NouF8sv9bsG
uL26t0JO0xY/scXNc8ha8xEuLHYY0jzexAvpGKwADX4k7EK+/Ban4EkEX232dqT9
oLwclqobg89xUMPtIrzgxUWvKMLBvqK5EMI8hAAAm4aNIeAPe75sJUeQbig=
-----END CERTIFICATE-----
subject=/C=US/ST=Texas/L=Richardson/O=EMC/OU=NCM/CN=lab94as.smrtsupport.local/[email protected]
issuer=/C=IN/ST=Kar/L=Bangalore/O=EMC/OU=NCM/CN=MASTERKEY/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 2987 bytes and written 447 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: F3E9B904396A39518770BE807E46C96FD639CFB92A54B384C3E02B7CD400BAAD
Session-ID-ctx:
Master-Key: 287E27241D99324FB1C2F8E7C1378EA1BF3411DFDA35E2339ACEE616334F635DF6A58C0F2A86DB3F20AEEAF298FDAD80
Key-Arg : None
Krb5 Principal: None
Start Time: 1462891174
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---