This came up earlier today, in the context of seeking a mechanism to access HTTPS endpoints from a Unix command line.
Whilst we can use a browser e.g. Firefox, Chrome etc. to hit an endpoint in the normal manner, there is also a requirement to automate / script the process, and make it available from a Unix command line.
Most people would look to use a tool such as wget or curl to achieve this.
However, there's another option - to use the openssl command, which is of use in situations where wget and curl are not available, as is the case for my client's AIX environment.
The openssl command is often used to validate the existence of a HTTPS endpoint, and return information about the public key of the certificate being used.
For example, this is what I'd normally enter: -
openssl s_client -connect localhost:443 </dev/null
On my Mac, running WebSphere Liberty Profile in a Docker container, this returns metadata about the endpoint and the certificate e.g.
subject=/C=us/O=ibm/OU=defaultServer/CN=localhost
issuer=/C=us/O=ibm/OU=defaultServer/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 1493 bytes and written 320 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
However, I can send HTTP methods to the target endpoint using openssl such as this: -
openssl s_client -connect localhost:443
GET / HTTP/1.1
[Enter]
which returns the HTML content of the default WebSphere Liberty Profile welcome page: -
HTTP/1.1 200 OK
Connection: Close
Content-Type: text/html; charset=UTF-8
Content-Length: 5339
Date: Mon, 19 Sep 2016 14:42:31 GMT