How do I validate the ssl chain served by server for a internal site ? I found online tools like ssl labs that do this but they don't work for a internal network site . I tried OpenSSL and inputted site url and it says the site's chain is ok. But still we are having issues with some Android devices not trusting the server . Is there any other way to validate the certificate chain being served by my server ?
CodePudding user response:
For public HTTPS endpoints, we can use an online service to check its certificate. For Azure SignalR Service instances, you can use the lonos SSL checker. There are also other SSL certificate testing services online, such as the one from SSLlabs.com.
If you can't use a browser or an online service - possibly because the internal environment prevents getting the provided certificate chain in this way. You can use a network trace to see the certificate chain, such as that obtained with Wireshark. In TLS negotiation, after Client Hello and Server Hello, the server will present its certificate to authenticate itself to the client. So, in the network trace, you see certificates, each with its serial number and issuer information.
More information can be obtained from this blog。