In a Linux or Windows system, how do I check if the certificate from a web server is valid using the Java command line?
This knowledge article may contain information that does not apply to version 21.05 or later, which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers.

Download the tool found here: https://communities.bmc.com/docs/DOC-129733

Prepare a text file (e.g. testSSL.txt) in a known location (e.g. save it in the same folder as TestHttpClient.jar) with the following contents:

    GET https://localhost:8443

Then execute this command line:

    java -jar TestHttpClient.jar <TEXT_FILE_LOCATION_AND_NAME> --debugHTTP --debugSSL > evidence.log 2>&1

Following the example above:

    java -jar TestHttpClient.jar testSSL.txt --debugHTTP --debugSSL > evidence.log 2>&1

The evidence.log will contain the following if the certificate wasn't trusted:

    main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

On the other hand, if the SSL certificate is trusted:

    check handshake state: finished[20]
    update handshake state: finished[20]
    *** Finished
    verify_data: { 229, 159, 191, 86, 176, 21, 48, 201, 208, 192, 143, 96 }
    ***
    %% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
    [read] MD5 and SHA1 hashes: len = 16
    0000: 14 00 00 0C E5 9F BF 56 B0 15 30 C9 D0 C0 8F 60 .......V..0....`
    2020/08/10 16:16:50:971 CDT [DEBUG] SSLConnectionSocketFactory - Secure session established
    2020/08/10 16:16:50:971 CDT [DEBUG] SSLConnectionSocketFactory - negotiated protocol: TLSv1.2
    2020/08/10 16:16:50:971 CDT [DEBUG] SSLConnectionSocketFactory - negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    .....
    2020/08/10 16:16:50:976 CDT [DEBUG] MainClientExec - Executing request GET / HTTP/1.1
    2020/08/10 16:16:50:976 CDT [DEBUG] MainClientExec - Target auth state: UNCHALLENGED
    2020/08/10 16:16:50:977 CDT [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
    2020/08/10 16:16:50:978 CDT [DEBUG] wire - http-outgoing-0 >> "GET / HTTP/1.1[\r][\n]"

Note that *** is produced in some Java versions and not all.
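
Added example (not part of the original article or of the BMC tool): a shell function that reads evidence.log and reports the outcome from the marker strings quoted above. The function name, verdict words and exit codes are assumptions of this example; it keys on the "Secure session established" line rather than the *** lines, since those are not produced by every Java version.

```shell
#!/bin/sh
# Classify an evidence.log written with --debugHTTP --debugSSL.
# Exit codes (assumed for this example): 0 trusted, 1 untrusted,
# 2 other handshake failure, 3 inconclusive, 4 unreadable file.
classify_evidence() {
    log=$1
    if [ ! -r "$log" ]; then
        echo "verdict=unreadable"; return 4
    fi
    # JSSE could not build a chain from the server certificate to a trusted CA.
    if grep -Fq 'PKIX path building failed' "$log"; then
        echo "verdict=untrusted"; return 1
    fi
    # Any other handshake exception is reported separately, never as trusted.
    if grep -Fq 'javax.net.ssl.SSLHandshakeException' "$log"; then
        echo "verdict=handshake-failed"; return 2
    fi
    # Success is keyed on the HttpClient debug line, not on the '***' lines,
    # which are not produced by every Java version.
    if grep -Fq 'SSLConnectionSocketFactory - Secure session established' "$log"; then
        proto=$(sed -n 's/.*negotiated protocol: \([^ ]*\).*/\1/p' "$log" | head -n 1 | tr -d '\r')
        suite=$(sed -n 's/.*negotiated cipher suite: \([^ ]*\).*/\1/p' "$log" | head -n 1 | tr -d '\r')
        echo "verdict=trusted protocol=${proto:-unknown} cipher=${suite:-unknown}"
        return 0
    fi
    # Neither marker present: the request never reached a TLS handshake,
    # or the debug flags were not passed.
    echo "verdict=inconclusive"; return 3
}

if [ "$#" -gt 0 ]; then
    classify_evidence "$1"
else
    # No argument given: run on a constructed two-line sample.
    demo=$(mktemp)
    printf '%s\n' \
        '[DEBUG] SSLConnectionSocketFactory - Secure session established' \
        '[DEBUG] SSLConnectionSocketFactory - negotiated protocol: TLSv1.2' > "$demo"
    classify_evidence "$demo"
    rm -f "$demo"
fi
```

Saved as a script and run with evidence.log as its argument, it exits with the verdict code, so it can gate a deployment or monitoring check.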