[root@ela-hdatahis01 certs]# openssl s_client -verify_return_error -debug -connect kib-webhis01.ourdomain:9200 -CAfile /etc/pki/tls/certs/truststore.pem -key /etc/pki/tls/private/sgadmin-admin.key.pem -cert /etc/pki/ tls/certs/sgadmin-admin.crtfull.pem CONNECTED(00000003) write to 0x795e90 [0x7c1290] (289 bytes => 289 (0x121)) 0000 - 16 03 01 01 1c 01 00 01-18 03 03 e2 6a 8a 90 86 ............j... 0010 - c3 e2 00 3f 6e 03 c5 04-f2 a4 fd 00 ce 39 ec f3 ...?n........9.. 0020 - 4d 5f e9 27 12 ff 89 12-4f d3 68 00 00 ac c0 30 M_.'....O.h....0 0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a5 00 a3 00 a1 .,.(.$.......... 0040 - 00 9f 00 6b 00 6a 00 69-00 68 00 39 00 38 00 37 ...k.j.i.h.9.8.7 0050 - 00 36 00 88 00 87 00 86-00 85 c0 32 c0 2e c0 2a .6.........2...* 0060 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f .&.......=.5.../ 0070 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a4 00 a2 00 a0 .+.'.#.......... 0080 - 00 9e 00 67 00 40 00 3f-00 3e 00 33 00 32 00 31 ...g.@.?.>.3.2.1 0090 - 00 30 00 9a 00 99 00 98-00 97 00 45 00 44 00 43 .0.........E.D.C 00a0 - 00 42 c0 31 c0 2d c0 29-c0 25 c0 0e c0 04 00 9c .B.1.-.).%...... 00b0 - 00 3c 00 2f 00 96 00 41-c0 12 c0 08 00 16 00 13 .<./...A........ 00c0 - 00 10 00 0d c0 0d c0 03-00 0a 00 07 c0 11 c0 07 ................ 00d0 - c0 0c c0 02 00 05 00 04-00 ff 01 00 00 43 00 0b .............C.. 00e0 - 00 04 03 00 01 02 00 0a-00 0a 00 08 00 17 00 19 ................ 00f0 - 00 18 00 16 00 23 00 00-00 0d 00 20 00 1e 06 01 .....#..... .... 0100 - 06 02 06 03 05 01 05 02-05 03 04 01 04 02 04 03 ................ 0110 - 03 01 03 02 03 03 02 01-02 02 02 03 00 0f 00 01 ................ 0120 - 01 . read from 0x795e90 [0x7c67f0] (7 bytes => 7 (0x7)) 0000 - 16 03 03 00 5e 02 ....^. 0007 - read from 0x795e90 [0x7c67fa] (92 bytes => 92 (0x5C)) 0000 - 00 5a 03 03 07 06 64 e6-58 fd 94 dd 0a 19 7e ef .Z....d.X.....~. 0010 - ce 5d 6b 71 c9 5f 67 2b-f6 f1 38 06 03 1f 81 5c .]kq._g+..8....\ 0020 - a6 15 ab 70 20 e6 6a dc-50 2f 97 6e da 4a 8d 87 ...p .j.P/.n.J.. 0030 - 7e 0b b1 a2 a4 07 61 6c-e5 70 19 4b 4c 73 36 16 ~.....al.p.KLs6. 0040 - 57 f6 a8 0f 47 c0 27 00-00 12 ff 01 00 01 00 00 W...G.'......... 0050 - 0b 00 04 03 00 01 02 00-0f 00 01 01 ............ read from 0x795e90 [0x7c67f3] (5 bytes => 5 (0x5)) 0000 - 16 03 03 10 88 ..... read from 0x795e90 [0x7c67f8] (4232 bytes => 4232 (0x1088)) ... depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify return:1 depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2 verify return:1 depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.ourdomain verify return:1 read from 0x795e90 [0x7c67f3] (5 bytes => 5 (0x5)) 0000 - 16 03 03 01 4d ....M read from 0x795e90 [0x7c67f8] (333 bytes => 333 (0x14D)) 0000 - 0c 00 01 49 03 00 17 41-04 ca 80 93 14 51 67 fc ...I...A.....Qg. 0010 - 04 30 c4 0e 6e 05 f2 85-5d ad af bb b0 ba db 78 .0..n...]......x 0020 - 73 93 d9 ab 62 76 e8 a3-f4 c2 cd a9 ec dd b2 9b s...bv.......... 0030 - b4 be 79 2c d5 82 a9 e6-ab a1 94 6e 15 c7 18 38 ..y,.......n...8 0040 - 0d 2a 4e a0 df 2f 1a f3-12 06 01 01 00 db f9 97 .*N../.......... 0050 - 22 66 b0 3a 80 3c 54 b8-84 0c c3 38 c9 65 27 24 "f.:.X.. 0090 - de 41 c2 73 46 e9 6f a5-e5 40 83 70 3d e2 1f c3 .A.sF.o..@.p=... 00a0 - c0 f4 2f 66 01 10 2f 1c-9b bd 9e 8f 5b 19 0c e0 ../f../.....[... 00b0 - 7a ef f2 2d cb b5 52 f8-7b a0 f3 9b 8a d8 3e fb z..-..R.{.....>. 00c0 - 99 e1 04 5b 9a 6f c8 3d-2c 59 e5 e6 28 be 69 e4 ...[.o.=,Y..(.i. 00d0 - 5d 8a f9 60 9d 5f 70 6b-23 60 91 2f 85 5d f4 77 ]..`._pk#`./.].w 00e0 - 3b 6e 20 ab b2 41 8a b4-48 29 13 46 c5 ee ae 9a ;n ..A..H).F.... 00f0 - f7 0e e4 c6 38 7f a5 3b-90 bf 96 60 1f 0d d4 66 ....8..;...`...f 0100 - c4 e1 b1 15 ed e4 bf 37-64 ae b0 b6 b5 a6 01 19 .......7d....... 0110 - 47 b1 7b 1a 04 68 02 f9-5d 1d 6a c3 43 e6 78 a4 G.{..h..].j.C.x. 0120 - 8e d7 f0 76 bb e0 31 d1-52 c4 7a b3 b2 2e f6 6d ...v..1.R.z....m 0130 - f0 fe 9d 5b 98 e4 33 ee-5b ca a0 d6 55 41 e1 62 ...[..3.[...UA.b 0140 - 9b 4a c0 d2 ba e2 71 3e-45 b2 db d0 da .J....q>E.... read from 0x795e90 [0x7c67f3] (5 bytes => 5 (0x5)) 0000 - 16 03 03 00 2e ..... read from 0x795e90 [0x7c67f8] (46 bytes => 46 (0x2E)) 0000 - 0d 00 00 26 03 01 02 40-00 1e 06 01 06 02 06 03 ...&...@........ 0010 - 05 01 05 02 05 03 04 01-04 02 04 03 03 01 03 02 ................ 0020 - 03 03 02 01 02 02 02 03-00 00 0e ........... 002e - write to 0x795e90 [0x7d0700] (1021 bytes => 1021 (0x3FD)) ... write to 0x795e90 [0x7d0700] (269 bytes => -1 (0xFFFFFFFFFFFFFFFF)) write:errno=32 --- Certificate chain 0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.ourdomain i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2 1 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2 i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIFDDCCA/SgAwIBAgIRALL9cP71VjvboBEnd43FlbswDQYJKoZIhvcNAQELBQAw XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy MB4XDTE3MTEwODAwMDAwMFoXDTE5MTEwODIzNTk1OVowZzEhMB8GA1UECxMYRG9t YWluIENvbnRyb2wgVmFsaWRhdGVkMSQwIgYDVQQLExtHYW5kaSBTdGFuZGFyZCBX aWxkY2FyZCBTU0wxHDAaBgNVBAMMEyouZWxhc3RpYy5pdC51YmMuY2EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD06aQIT221MWloA2aKPFav7QsDCUNf ycWLmLPTxBVFpQaR1LvZB5bkSG0rb08MQnYFSwVubLouB728lfYQG6N4x+sKWBeo jw2Pgtd+vx8sTSXlC95W2GQBGjg8LpSLdImOSyUeYFwyROpCTjC7//LC11trMj6N W1xaqcSrrlcTT+7ZsAad5UnkbWGEFYTR6LOfaQLV2kbPpzQJQB5BBngzSdWUpkfq 61mUT/8glyz6V9Ulm5oFgqOZHK+ND/OoZxGurYbym984R07zNrEpZp2wdEIeWvvL 2t+OTd6ROMxkl+DBDmJTcx0ezEGYhlH5zSWXMDB4xEZBn3ZRhpANMwQjAgMBAAGj ggG5MIIBtTAfBgNVHSMEGDAWgBSzkKfYya9OzWE8n3ytXX9B/Wkw6jAdBgNVHQ4E FgQUh9TB1KpbgdGkE+rNtOQIimFR7uswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB /wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEsGA1UdIAREMEIw NgYLKwYBBAGyMQECAhowJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy dXN0LmNvbTAIBgZngQwBAgEwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC51 c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3JsMHMGCCsGAQUFBwEB BGcwZTA8BggrBgEFBQcwAoYwaHR0cDovL2NydC51c2VydHJ1c3QuY29tL0dhbmRp U3RhbmRhcmRTU0xDQTIuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2Vy dHJ1c3QuY29tMDEGA1UdEQQqMCiCEyouZWxhc3RpYy5pdC51YmMuY2GCEWVsYXN0 aWMuaXQudWJjLmNhMA0GCSqGSIb3DQEBCwUAA4IBAQBn6EDzPDL43+uurxKfPxEn zqHSnR4aWrMM+Z8dfa1EIAgSU+Zo1Njge+7SJbppVFL+32WonVM400Cb7rTHfxlS 3C6dB7Uzc71nZvBWyUHImltZTpGCw0lkCWQk6A6fP/97vSJAtZzRc0GKuaYjOfT1 OckAxVnEfVBFgvFhoaT0rZG/JVwiUK839LsLfYQ61ZUSw6qMPbHtG3nfW6bLQ1iI Jit5deWX1tiYzuYFi9Loi+q2yU2vI3cdZCTwVQnlMBF1Zofhtdf+mrJdYGzX7fsw 6eRKlJyUbRil2xZMZaVO3xjuHf0bXFwYEb0Hy+Gk7UJD6r4FV4Eg4rzhMRDeay4C -----END CERTIFICATE----- subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.ourdomain issuer=/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2 --- No client certificate CA names sent Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4725 bytes and written 1365 bytes --- New, (NONE), Cipher is (NONE) Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: E66ADC502F976EDA4A8D877E0BB1A2A407616CE570194B4C73361657F6A80F47 Session-ID-ctx: Master-Key: 48D270C46AEE0E071716300CDF36032DBA6C7EF4018108012C4E96F643257230B4172C3098B4ED73F83D0D340F5C0317 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1510265586 Timeout : 300 (sec) Verify return code: 0 (ok) ---