Socket errors running “openssl s_client -showcerts”
I have a .PEM file that I want to install on a Tomcat server. The file looks something like this:
friendlyName:
subject=CN=myserver.ca.example.com, OU=servers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Issuing CA G3, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
subject=CN=Example Basic Assurance Software Issuing CA G3, OU=certservers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
subject=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E2EC8A310F02CA01
xxxxxxxx
-----END RSA PRIVATE KEY-----
When I run the command "openssl s_client -showcerts -cert myserver.pem", I get this:
Enter pass phrase for myserver.pem:
socket: Bad file descriptor
connect:errno=9
I'm not sure why I'm getting this when I just want to show the certificates in the file. I've tried various options, such as -prexit, and I'm not seeing anything useful. Do I need to extract the root certificate and install it somewhere? If so, where? Or is my problem something completely different?
ssl certificate
add a comment |
I have a .PEM file that I want to install on a Tomcat server. The file looks something like this:
friendlyName:
subject=CN=myserver.ca.example.com, OU=servers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Issuing CA G3, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
subject=CN=Example Basic Assurance Software Issuing CA G3, OU=certservers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
subject=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E2EC8A310F02CA01
xxxxxxxx
-----END RSA PRIVATE KEY-----
When I run the command "openssl s_client -showcerts -cert myserver.pem", I get this:
Enter pass phrase for myserver.pem:
socket: Bad file descriptor
connect:errno=9
I'm not sure why I'm getting this when I just want to show the certificates in the file. I've tried various options, such as -prexit, and I'm not seeing anything useful. Do I need to extract the root certificate and install it somewhere? If so, where? Or is my problem something completely different?
ssl certificate
1
The s_client subcommand of the openssl command line tool is for making TLS connections to a server. If you just want to see the contents of a .pem, use the x509 subcommand.
– Spiff
Jan 2 at 23:16
add a comment |
I have a .PEM file that I want to install on a Tomcat server. The file looks something like this:
friendlyName:
subject=CN=myserver.ca.example.com, OU=servers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Issuing CA G3, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
subject=CN=Example Basic Assurance Software Issuing CA G3, OU=certservers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
subject=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E2EC8A310F02CA01
xxxxxxxx
-----END RSA PRIVATE KEY-----
When I run the command "openssl s_client -showcerts -cert myserver.pem", I get this:
Enter pass phrase for myserver.pem:
socket: Bad file descriptor
connect:errno=9
I'm not sure why I'm getting this when I just want to show the certificates in the file. I've tried various options, such as -prexit, and I'm not seeing anything useful. Do I need to extract the root certificate and install it somewhere? If so, where? Or is my problem something completely different?
ssl certificate
I have a .PEM file that I want to install on a Tomcat server. The file looks something like this:
friendlyName:
subject=CN=myserver.ca.example.com, OU=servers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Issuing CA G3, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
subject=CN=Example Basic Assurance Software Issuing CA G3, OU=certservers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
subject=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
issuer=CN=Example Basic Assurance Software Root CA G2, OU=certservers, O=Example, C=US
-----BEGIN CERTIFICATE-----
xxxxxxxx
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E2EC8A310F02CA01
xxxxxxxx
-----END RSA PRIVATE KEY-----
When I run the command "openssl s_client -showcerts -cert myserver.pem", I get this:
Enter pass phrase for myserver.pem:
socket: Bad file descriptor
connect:errno=9
I'm not sure why I'm getting this when I just want to show the certificates in the file. I've tried various options, such as -prexit, and I'm not seeing anything useful. Do I need to extract the root certificate and install it somewhere? If so, where? Or is my problem something completely different?
ssl certificate
ssl certificate
asked Jan 2 at 22:50
samwysesamwyse
1133
1133
1
The s_client subcommand of the openssl command line tool is for making TLS connections to a server. If you just want to see the contents of a .pem, use the x509 subcommand.
– Spiff
Jan 2 at 23:16
add a comment |
1
The s_client subcommand of the openssl command line tool is for making TLS connections to a server. If you just want to see the contents of a .pem, use the x509 subcommand.
– Spiff
Jan 2 at 23:16
1
1
The s_client subcommand of the openssl command line tool is for making TLS connections to a server. If you just want to see the contents of a .pem, use the x509 subcommand.
– Spiff
Jan 2 at 23:16
The s_client subcommand of the openssl command line tool is for making TLS connections to a server. If you just want to see the contents of a .pem, use the x509 subcommand.
– Spiff
Jan 2 at 23:16
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389977%2fsocket-errors-running-openssl-s-client-showcerts%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389977%2fsocket-errors-running-openssl-s-client-showcerts%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
The s_client subcommand of the openssl command line tool is for making TLS connections to a server. If you just want to see the contents of a .pem, use the x509 subcommand.
– Spiff
Jan 2 at 23:16