How to simulate connection to HTTPS and record the handshake?
I have a ranch of IIS 6 internet servers organizing an internet site over HTTP and also HTTPS. With Safari 4 on a Mac, attaching over HTTPS, some nodes in the ranch cause the internet browser to raise a certificate mistake to the customer, the various other nodes function penalty. Constantly the very same nodes create the trouble yet the trouble does not show up to take place in IE or Chrome.
I assume these nodes in the ranch are misconfigured yet I can not conveniently recognize the trouble from considering the specific web server arrangements. I would certainly such as to aim a customer - side device at a well-known excellent node and also record the SSL customer and also web server hello there, the certificate message, the key exchange, etc from the customer is viewpoint, unencrypted and afterwards repeat on a well-known trouble node and afterwards contrast.
Can you please recommend any kind of Windows devices for this, or probably a far better means to detect the mistake?
How is the ranch set up? If you can see each node of the ranch (i.e. you get on the very same network straight or using VPN, or they have public encountering IP addresses), could you not connect per and also see which is having certificate troubles?
For each and every node:
- entirely close your internet browser (in instance it has actually cached the IP address related to the name, as we will transform that organization in your area in the next action)
- associate its straight address with the (below) domain that you anticipate to be on the certificate by including an access in your hosts documents (c: bkslshwindowsbkslshsystem32bkslshdriversbkslshetcbkslshhosts on the majority of Windows arrangements)
- open your internet browser and also most likely to the website
Have an appearance at fiddler2 - http://www.fiddler2.com
"Fiddler is a Web Debugging Proxy which logs all HTTP (S) website traffic in between your computer system and also the Internet. Fiddler permits you to evaluate all HTTP (S) website traffic, set breakpoints, and also "fiddle" with inbound or outward bound information. Fiddler consists of an effective occasion - based scripting subsystem, and also can be expanded making use of any.NET language."
Fiddler is a wonderful basic objective internet debugging device. Currently, for your objectives you could intend to incorporate the suggestions from David in regards to attaching per of the web servers independently with the capacity to map from Fiddler what is taking place. It is clearly key to recognize which web server you are attaching to to make sure that you can recognize specifically where the trouble exists
You can make use of the adhering to command to be really verbose concerning the SSL ha-ake:
openssl s_client -debug -msg -state -status -showcerts -connect <host>:443
You can after that go down several of the debates off if you desire to be much less friendly.
You might additionally desire to define
-CAfile with your single finalizing CA.