I'm currently trying to connect to an EPP server using openssl s_client to verify my connection. The below command outputs the following.
openssl s_client -connect example.com:700
Response:
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
41282:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL0 98-64.30.2/src/ssl/s3_pkt.c:1145:SSL alert number 40
41282:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.30.2/src/ssl/s23_lib.c:185:
I then proceeded to download the DigiCert SHA2 Secure Server CA from https://www.digicert.com/CACerts/DigiCertSHA2SecureServerCA.crt
I then re-attempted using a self-signed cert created with openssl, along with the new DigiCert certificate.
openssl s_client -connect example.com:700 -CAfile DigiCertSHA2SecureServerCA.crt -key key.pem -cert cert.pem -debug
And I get the same error. What could I be doing wrong here?
s_cientcommand is probably wrong. Use TLS 1.0 (or above) and Server Name Indication (SNI) to connect.openssl s_client -connect example.com:700 -tls1 -servername example.com– jww-tls1and-servername example.com. Still same response. Also tried-ssl2and-ssl3with same response. I'm guessing, from the response, that it's a certificate issue. I just have no idea how to fix the issue. I'm just shooting in the dark. – traviswingo