However, trying to get an SSL certificate working with your local server kind of sucks if you’re not using a tool that handles it for you like Valet. If you’ve ever tried to run an HTTPS site locally, you’ve probably seen something like the following in Chrome:
The workaround used to be creating a self-signed certificate and using that. However, it’s entirely possible to make your website secure by installing a Free SSL certificate. A combination of HTTP and SSL enables websites to maintain an encrypted connection over the internet. SSL For Free is an open source certificate authority that makes it easy for everyone to install SSL certificates. In this article, we will guide you through a step by step tutorial on how you can install a free SSL certificate on your WordPress site.
OpenSSL is a very useful open-source command-line toolkit for working with X.509 certificates, certificate signing requests (CSRs), and cryptographic keys. If you are using a UNIX variant like Linux or macOS, OpenSSL is probably already installed on your computer.
From time to time it may be necessary to verify which certificate is being presented by the server that you are connecting to. Sometimes this is an SMTP server, or it could be a web server. While there are multiple methods that can be used to validate a certificate presented by a server, I am going to focus on openssl here.
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. OpenSSL is available for multiple platforms, including Linux, macOS, and Windows (via gnuwin32). For this article I will be using the Windows version of OpenSSL, which can be downloaded from http://gnuwin32.sourceforge.net/packages/openssl.htm.
The syntax that we use depends on what type of server we are querying. To query a web server you would do the following:
To query an SMTP server you would do the following:
Where <server> is replaced with the fully qualified domain name (FQDN) of the server we want to check. The output generated contains multiple sections with --- separators between them. The following example shows a connection on port 443 against outlook.office365.com. The first section presented covers the connection information:
The next section contains details about the certificate chain:
The actual public server certificate is next:
Following the server certificate we see the Certificate Subject and Issuer:
If there is a client certificate sent it would be presented next:
We next see details about the particular SSL handshake that occurred:
Next, if we query an SMTP server on port 25 with the -starttls smtp parameters, we will get back the information from that server. Below is an example of the output from this type of query:
In both of these examples, the information that we typically use in troubleshooting is the certificate chain.
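As an added example (not part of the original article), the Python sketch below pulls the certificate chain section out of s_client output using the --- separators and checks that each issuer is followed by its own certificate. The sample output and its names are constructed, and `parse_chain` and `check_chain` are hypothetical helper names.

```python
import re

# Constructed, abbreviated sample of `openssl s_client -connect <server>:443`
# output; the names are made up for this example.
SAMPLE = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example Corp/CN=mail.example.test
   i:/C=US/O=Example CA/CN=Example Issuing CA 1
 1 s:/C=US/O=Example CA/CN=Example Issuing CA 1
   i:/C=US/O=Example CA/CN=Example Root CA
---
Server certificate
subject=/C=US/O=Example Corp/CN=mail.example.test
---
"""

def parse_chain(output):
    """Return [(depth, subject, issuer), ...] from the 'Certificate chain' section."""
    for section in re.split(r"(?m)^---[ \t\r]*$", output):  # split on --- lines
        lines = section.strip().splitlines()
        if not lines or lines[0].strip() != "Certificate chain":
            continue
        chain = []
        for line in lines[1:]:  # lines other than s:/i: are ignored
            if m := re.match(r"\s*(\d+) s:(.*)", line):
                chain.append([int(m.group(1)), m.group(2).strip(), None])
            elif chain and (m := re.match(r"\s*i:(.*)", line)):
                chain[-1][2] = m.group(1).strip()
        return [tuple(c) for c in chain]
    return []

def check_chain(chain):
    """Report gaps: each issuer should be the subject of the next certificate."""
    findings = []
    for (depth, _, issuer), (_, next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            findings.append(f"depth {depth}: issuer not followed by its certificate")
    if chain and chain[-1][1] != chain[-1][2]:
        findings.append(f"top of chain is not self-signed; client must already trust: {chain[-1][2]}")
    return findings

if __name__ == "__main__":
    for depth, subject, issuer in parse_chain(SAMPLE):
        print(depth, subject, "<-", issuer)
    print(check_chain(parse_chain(SAMPLE)))
```

A finding about the top of the chain is normal when the server does not send its root; it names the certificate the connecting system has to hold in its own store.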
Depending on the problem I'm dealing with I'll make a determination on how I want to proceed next. If the system you are connecting from is receiving regular root certificate updates there shouldn't be any issues with the root certificates.
The most common issue that I see around certificates is missing root certificates. These problems are easily resolved by ensuring that you have installed the most recent root certificate update for your system.
If you find that the proper root certificates have been installed on the system, the next thing to check is that you can reach the certificate revocation list (CRL) to verify that the certificate is still valid. This requires internet access, and on a Windows system it can be checked using certutil.
At the very bottom of the output you should see:
If you don't have access to the internet you will see an error at this point.