Hi,
curl --verbose https://<whateverhost>
may be sufficient
Peter
On 27/08/2023 09:43, Colin Paice wrote:
See Collecting a tcpip packet trace on z/OS.
<https://colinpaice.blog/2022/09/29/collecting-a-tcpip-packet-trace-on-z-os/>
and how to export it to a wireshark format - which you can then use
wireshark to process.
On Sun, 27 Aug 2023 at 00:59, Gibney, Dave <
[email protected]> wrote:
There's a free "wireshark" for z/OS. Something like
NBOS for z/OS
-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On
Behalf Of Jerry Whitteridge
Sent: Saturday, August 26, 2023 10:47 AM
To: [email protected]
Subject: Re: EXTERNAL EMAIL: Re: Retrieving Certificate details from a
server
[EXTERNAL EMAIL]
Thanks Charles I was just starting to look at if curl would do it.
This is a TN3270 server on z/OS that I want to check what cert it is
presenting
to the user for a TLS connection.
J
-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On
Behalf Of Charles Mills
Sent: Saturday, August 26, 2023 10:42 AM
To: [email protected]
Subject: EXTERNAL EMAIL: Re: Retrieving Certificate details from a server
Well, I wrote a product that does exactly that in a beautiful graphic
fashion and
is part of NewEra's ICEDirect suite.
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furld
efense.com%2Fv3%2F__https%3A%2F%2Fwww.newera.com%2FINFO%2FIC
EDirect.pdf__%3B!!JmPEgBY0HMszNaDT!p7XN4J09CBWP5eaGgpdT2VAVnTc
gOHI66aUmtmicKPvG-
4oXEGRcKDnH9yb_2KRZQg0s99_3guSOoyqqicnIdvXILxNY%24&data=05%7C
01%7CGIBNEY%40WSU.EDU%7C0436f4fd6f0d41e45b3608dba65c7453%7C
b52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C638286688235202
429%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4NW
Vk9ZbssYTQSffyGgNsMixH22r32oxKNNzbLUJgCA%3D&reserved=0
Does that count? <g>
For free tools
1. Is it a Web server? If so most browsers will display the server
certificate and
the entire chain of trust. Click on the padlock icon next to the URL and
take it
from there.
2. Perhaps you can do this with OpenSSL? I think so but don't know the
details.
3. Can you do this with curl? Seems likely but I am not a curl expert.
Charles
On Sat, 26 Aug 2023 16:52:46 +0000, Jerry Whitteridge
<[email protected]> wrote:
I used to use a java command to check on my certs on the mainframe
keytool -printcert -sslserver <hostIP>:port
but now all I get is a message
XXXXXXX:/u/xxxxxxx:>keytool -printcert -V -sslserver yyyy.yyyyyyy.com
keytool error: java.lang.Exception: No certificate from the SSL server
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
