This article shows you how to inspect an SSL connection (handshake) to debug any configuration problem for:
Check your firewall: the port should be open.
nmap -Pn -p T:443 localhost
nmap -Pn -p T:443 remote-hostname
Example of output where we can see that the port is open:
Starting Nmap 7.80 ( https://nmap.org ) at 2022-03-13 08:18 W. Europe Standard Time
Nmap scan report for remote-hostname (192.98.05.126)
Host is up (0.096s latency).
PORT STATE SERVICE
443/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds
Optionally, start the openssl test SSL server if you want to see the server side. The second command below is the same as the first, with the -www web option added.
openssl s_server \
-accept *:4433 `# listen on all addresses on port 4433` \
-cert server-signed-certificate.pem \
-key server-private-key.pem \
-Verify 10 `# 10 is the maximum chain depth; the client must supply a certificate or an error occurs` \
-CAfile trusted-certificates-for-client-authentication.pem \
-state \
-debug
openssl s_server \
-accept *:4433 `# listen on all addresses on port 4433` \
-cert server-signed-certificate.pem \
-key server-private-key.pem \
-Verify 10 `# 10 is the maximum chain depth; the client must supply a certificate or an error occurs` \
-www \
-CAfile trusted-certificates-for-client-authentication.pem \
-state \
-debug
Example of output:
verify depth is 10, must return a certificate
Using default temp DH parameters
ACCEPT
Example of server output with only the -state flag when a client connects:
SSL_accept:before SSL initialization
SSL_accept:before SSL initialization
SSL_accept:SSLv3/TLS read client hello
SSL_accept:SSLv3/TLS write server hello
SSL_accept:SSLv3/TLS write change cipher spec
SSL_accept:TLSv1.3 write encrypted extensions
SSL_accept:SSLv3/TLS write certificate request
SSL_accept:SSLv3/TLS write certificate
SSL_accept:TLSv1.3 write server certificate verify
SSL_accept:SSLv3/TLS write finished
SSL_accept:TLSv1.3 early data
SSL_accept:TLSv1.3 early data
depth=1 C = NL, O = Organisation, CN = Name
verify return:1
depth=1 C = NL, O = Organisation, CN = Name
verify return:1
SSL_accept:SSLv3/TLS read client certificate
SSL_accept:SSLv3/TLS read certificate verify
SSL_accept:SSLv3/TLS read finished
SSL_accept:SSLv3/TLS write session ticket
SSL_accept:SSLv3/TLS write session ticket
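To see quickly where a handshake stopped, the following added example (not part of the original article) summarises a saved -state log from the server. The function names, verdict labels and sample logs are constructed for illustration; the sample lines follow the format of the output above, and the "verify error:" and "verify return:0" patterns are what openssl prints when certificate verification fails.

```shell
# Added example: summarise an `openssl s_server -state` log read from stdin.
# Prints "<verdict> last_state=<state>", where verdict is one of:
#   verify-failed   a "verify error:" or "verify return:0" line was seen
#   complete        the server read the client Finished message
#   no-client-cert  the log ends before "read client certificate"
#   incomplete      client certificate read, but no "read finished"
handshake_verdict() {
    awk '
        /^SSL_accept:/ {
            last = substr($0, length("SSL_accept:") + 1)
            if (last ~ /read client certificate$/) cert = 1
            if (last ~ /read finished$/)           fin = 1
        }
        /^verify error:/ || /^verify return:0/ { bad = 1 }
        END {
            if (last == "") last = "none"
            if (bad)        verdict = "verify-failed"
            else if (fin)   verdict = "complete"
            else if (!cert) verdict = "no-client-cert"
            else            verdict = "incomplete"
            printf "%s last_state=%s\n", verdict, last
        }'
}

# Constructed sample: abridged from the successful handshake shown above.
sample_ok() {
    cat <<'EOF'
SSL_accept:SSLv3/TLS write certificate request
SSL_accept:SSLv3/TLS write finished
depth=1 C = NL, O = Organisation, CN = Name
verify return:1
SSL_accept:SSLv3/TLS read client certificate
SSL_accept:SSLv3/TLS read certificate verify
SSL_accept:SSLv3/TLS read finished
SSL_accept:SSLv3/TLS write session ticket
EOF
}

# Constructed sample: the log stops before any client certificate is read.
sample_no_cert() {
    cat <<'EOF'
SSL_accept:SSLv3/TLS write certificate request
SSL_accept:SSLv3/TLS write finished
SSL_accept:TLSv1.3 early data
EOF
}
sample_ok | handshake_verdict
sample_no_cert | handshake_verdict
```

Against a real server, redirect the s_server output to a file and pipe that file into handshake_verdict.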
Then connect with a client (openssl s_client or curl):
openssl s_client -connect localhost:4433 -state
openssl s_client -connect host:4433 \
-cert client-signed-certificate.pem \
-key client-private-key.pem \
-state -debug
curl -v \
--cert client-signed-certificate.pem \
--key client-private-key.pem \
https://example.com
You can also view the output in a browser at https://hostname:4433/index.html if the openssl server was started with the web option -www.