If you have OpenSSL installed you can do: echo DONE | openssl s_client -connect ipaddress:port | openssl x509 -inform pem -noout -text | more
Which will show you the information for the server cert that is being presented On Sun, 27 Aug 2023 10:11:43 +0200, Peter Sylvester <[email protected]> wrote: >Hi, > >curl --verbose https://<whateverhost> > >may be sufficient > >Peter > > > >On 27/08/2023 09:43, Colin Paice wrote: >> See Collecting a tcpip packet trace on z/OS. >> <https://colinpaice.blog/2022/09/29/collecting-a-tcpip-packet-trace-on-z-os/> >> and how to export it to a wireshark format - which you can then use >> wireshark to process. >> >> On Sun, 27 Aug 2023 at 00:59, Gibney, Dave < >> [email protected]> wrote: >> >>> There's a free "wireshark" for z/OS. Something like >>> NBOS for z/OS >>> >>>> -----Original Message----- >>>> From: IBM Mainframe Discussion List <[email protected]> On >>>> Behalf Of Jerry Whitteridge >>>> Sent: Saturday, August 26, 2023 10:47 AM >>>> To: [email protected] >>>> Subject: Re: EXTERNAL EMAIL: Re: Retrieving Certificate details from a >>> server >>>> [EXTERNAL EMAIL] >>>> >>>> Thanks Charles I was just starting to look at if curl would do it. >>>> >>>> This is a TN3270 server on z/OS that I want to check what cert it is >>> presenting >>>> to the user for a TLS connection. >>>> >>>> J >>>> -----Original Message----- >>>> From: IBM Mainframe Discussion List <[email protected]> On >>>> Behalf Of Charles Mills >>>> Sent: Saturday, August 26, 2023 10:42 AM >>>> To: [email protected] >>>> Subject: EXTERNAL EMAIL: Re: Retrieving Certificate details from a server >>>> >>>> Well, I wrote a product that does exactly that in a beautiful graphic >>> fashion and >>>> is part of NewEra's ICEDirect suite. >>>> >>>> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furld >>>> efense.com%2Fv3%2F__https%3A%2F%2Fwww.newera.com%2FINFO%2FIC >>>> EDirect.pdf__%3B!!JmPEgBY0HMszNaDT!p7XN4J09CBWP5eaGgpdT2VAVnTc >>>> gOHI66aUmtmicKPvG- >>>> 4oXEGRcKDnH9yb_2KRZQg0s99_3guSOoyqqicnIdvXILxNY%24&data=05%7C >>>> 01%7CGIBNEY%40WSU.EDU%7C0436f4fd6f0d41e45b3608dba65c7453%7C >>>> b52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C638286688235202 >>>> 429%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu >>>> MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4NW >>>> Vk9ZbssYTQSffyGgNsMixH22r32oxKNNzbLUJgCA%3D&reserved=0 >>>> >>>> Does that count? <g> >>>> >>>> For free tools >>>> >>>> 1. Is it a Web server? If so most browsers will display the server >>> certificate and >>>> the entire chain of trust. Click on the padlock icon next to the URL and >>> take it >>>> from there. >>>> >>>> 2. Perhaps you can do this with OpenSSL? I think so but don't know the >>>> details. >>>> >>>> 3. Can you do this with curl? Seems likely but I am not a curl expert. >>>> >>>> Charles >>>> >>>> On Sat, 26 Aug 2023 16:52:46 +0000, Jerry Whitteridge >>>> <[email protected]> wrote: >>>> >>>>> I used to use a java command to check on my certs on the mainframe >>>>> >>>>> keytool -printcert -sslserver <hostIP>:port >>>>> >>>>> but now all I get is a message >>>>> >>>>> XXXXXXX:/u/xxxxxxx:>keytool -printcert -V -sslserver yyyy.yyyyyyy.com >>>>> keytool error: java.lang.Exception: No certificate from the SSL server > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
