$ openssl s_client -connect supl.nokia.com:7275 -CAfile /etc/ssl/certs/ca-certificates.crt CONNECTED(00000003) depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority verify return:1 depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4 verify return:1 depth=0 C = NL, ST = Noord-Brabant, L = Veldhoven, O = HERE Global BV, CN = supl.nokia.com verify return:1 --- Certificate chain 0 s:/C=NL/ST=Noord-Brabant/L=Veldhoven/O=HERE Global BV/CN=supl.nokia.com i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority 3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIGWzCCBUOgAwIBAgIQNUQLMS6rnzbNIfXt19aBADANBgkqhkiG9w0BAQsFADB+ MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MDIxODAwMDAwMFoX DTE3MDUxNTIzNTk1OVowazELMAkGA1UEBhMCTkwxFjAUBgNVBAgMDU5vb3JkLUJy YWJhbnQxEjAQBgNVBAcMCVZlbGRob3ZlbjEXMBUGA1UECgwOSEVSRSBHbG9iYWwg QlYxFzAVBgNVBAMMDnN1cGwubm9raWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEA34Z7l6qHrxge+eW/C8lNffowlsi/HKqWNRqsmV0g09unZ3Zp ptEXOvsHsZVshMUsL3h2OBQqPRM0Wkd9Ol9+ZKi5JZinxZg1AcJ407bJ7MA5W9aE XAWLGnZ7f+FaLpuZW34DuN8M3yk6e6BlEiSAfHPpzOd1GoMBYD/MiLzDmwE9GpAY pLxCc+pxiG2aqHydVvMKnYnB5Xyx2D1Ke8LJHVqMg+OqINeXqGNlDXDS9yReK+vS 8Hzy2abxF5O8/emWFle5vWCAvbAHs76MeZGyUkWeVxFAwdzq9XAxYmhuPOnxq50f Fk5fWwIoZUkIsLjQwafIjEg45s+LNPd0ct9xAQIDAQABo4IC5jCCAuIwGQYDVR0R BBIwEIIOc3VwbC5ub2tpYS5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1UdIARaMFgwVgYGZ4EM AQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsG AQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFF9g z2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zcy5z eW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0 cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNv bS9zcy5jcnQwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AN3rHSt6DU+mIIuB rYFocH4ujp0B1VyIjT0RxM227L7MAAABUvXU0HQAAAQDAEcwRQIhALnrb8gmpKob 6WD6R2NfNUDdxmEry6PbLdAgrYxoxd7YAiAq5oaIjTWuS7VvGOl7aSfxLxXKoX/H afFyFY759kv4RQB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAAB UvXU0LUAAAQDAEgwRgIhAIcx1pylH31cUgbUvXDu/Ue5DJwx2P187DQmxnPQIUmz AiEA7oNhaU1u9jf27FbMQAAnpMuNV1MNy1XCLNUyr9vmTQEAdgBo9pj4H2SCvjqM 7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVL11NCOAAAEAwBHMEUCIQCKc7VKuFgM RW3bUVUFZNlBxAh7GBZmK5MDQSe4twwewwIgPbZiWohxrz2KmebNq2aXBL6hZL4Q uDFi2mjHrB5Ddp0wDQYJKoZIhvcNAQELBQADggEBAAskbpaa0lzIpXoYRqemUzsd SWnzfTEIanTIpuXUUfYdtKvcPlJ496f+W9eR2nNv0W3+iNIdYUZ9Kua0v6iOw+s/ kL81zFBlDELXRjzVmMr5z0qC3i61aCAwhpWwQcp9PtrnSObxCs0I41oUoQt47H+L KJfIQQCPxHRNC0Szv6Q61vXbrGRiGOIlZKGXfWGTY4mtzrQoWezkL62uU1LCp2RM yIu3hgHTT8rJEAnPrgsZtK34gteKhjrVQwBFki0ewUZoC2/wyxCUYRiEVl+St1Rv Gi2Cz9WI6B5oycD+qMkWfjl4nMw3tREPxTX1mAQE9cvh5j+8b1cjEV+rUCwhxyA= -----END CERTIFICATE----- subject=/C=NL/ST=Noord-Brabant/L=Veldhoven/O=HERE Global BV/CN=supl.nokia.com issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 --- No client certificate CA names sent --- SSL handshake has read 5304 bytes and written 421 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: FA31BE7E16B88AA4065D88CF78256C136596EFEA30667A7773FD7AF6403A4DE1 Session-ID-ctx: Master-Key: 11D4F52DEA6E4324BD9276717F90F26FE76AE54F8FE65732244C22E080D11BFF537884DE502187F91FEA23580261842B Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1486306871 Timeout : 300 (sec) Verify return code: 0 (ok) --- DONE
$ openssl s_client -connect supl.nokia.com:7275 -CAfile /etc/ssl/certs/ca-certificates.crt CONNECTED(00000003) depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority verify return:1 depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4 verify return:1 depth=0 C = NL, ST = Noord-Brabant, L = Veldhoven, O = HERE Global BV, CN = supl.nokia.com verify return:1 --- Certificate chain 0 s:/C=NL/ST=Noord-Brabant/L=Veldhoven/O=HERE Global BV/CN=supl.nokia.com i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority 3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIGWzCCBUOgAwIBAgIQNUQLMS6rnzbNIfXt19aBADANBgkqhkiG9w0BAQsFADB+ MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MDIxODAwMDAwMFoX DTE3MDUxNTIzNTk1OVowazELMAkGA1UEBhMCTkwxFjAUBgNVBAgMDU5vb3JkLUJy YWJhbnQxEjAQBgNVBAcMCVZlbGRob3ZlbjEXMBUGA1UECgwOSEVSRSBHbG9iYWwg QlYxFzAVBgNVBAMMDnN1cGwubm9raWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEA34Z7l6qHrxge+eW/C8lNffowlsi/HKqWNRqsmV0g09unZ3Zp ptEXOvsHsZVshMUsL3h2OBQqPRM0Wkd9Ol9+ZKi5JZinxZg1AcJ407bJ7MA5W9aE XAWLGnZ7f+FaLpuZW34DuN8M3yk6e6BlEiSAfHPpzOd1GoMBYD/MiLzDmwE9GpAY pLxCc+pxiG2aqHydVvMKnYnB5Xyx2D1Ke8LJHVqMg+OqINeXqGNlDXDS9yReK+vS 8Hzy2abxF5O8/emWFle5vWCAvbAHs76MeZGyUkWeVxFAwdzq9XAxYmhuPOnxq50f Fk5fWwIoZUkIsLjQwafIjEg45s+LNPd0ct9xAQIDAQABo4IC5jCCAuIwGQYDVR0R BBIwEIIOc3VwbC5ub2tpYS5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1UdIARaMFgwVgYGZ4EM AQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsG AQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFF9g z2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zcy5z eW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0 cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNv bS9zcy5jcnQwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AN3rHSt6DU+mIIuB rYFocH4ujp0B1VyIjT0RxM227L7MAAABUvXU0HQAAAQDAEcwRQIhALnrb8gmpKob 6WD6R2NfNUDdxmEry6PbLdAgrYxoxd7YAiAq5oaIjTWuS7VvGOl7aSfxLxXKoX/H afFyFY759kv4RQB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAAB UvXU0LUAAAQDAEgwRgIhAIcx1pylH31cUgbUvXDu/Ue5DJwx2P187DQmxnPQIUmz AiEA7oNhaU1u9jf27FbMQAAnpMuNV1MNy1XCLNUyr9vmTQEAdgBo9pj4H2SCvjqM 7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVL11NCOAAAEAwBHMEUCIQCKc7VKuFgM RW3bUVUFZNlBxAh7GBZmK5MDQSe4twwewwIgPbZiWohxrz2KmebNq2aXBL6hZL4Q uDFi2mjHrB5Ddp0wDQYJKoZIhvcNAQELBQADggEBAAskbpaa0lzIpXoYRqemUzsd SWnzfTEIanTIpuXUUfYdtKvcPlJ496f+W9eR2nNv0W3+iNIdYUZ9Kua0v6iOw+s/ kL81zFBlDELXRjzVmMr5z0qC3i61aCAwhpWwQcp9PtrnSObxCs0I41oUoQt47H+L KJfIQQCPxHRNC0Szv6Q61vXbrGRiGOIlZKGXfWGTY4mtzrQoWezkL62uU1LCp2RM yIu3hgHTT8rJEAnPrgsZtK34gteKhjrVQwBFki0ewUZoC2/wyxCUYRiEVl+St1Rv Gi2Cz9WI6B5oycD+qMkWfjl4nMw3tREPxTX1mAQE9cvh5j+8b1cjEV+rUCwhxyA= -----END CERTIFICATE----- subject=/C=NL/ST=Noord-Brabant/L=Veldhoven/O=HERE Global BV/CN=supl.nokia.com issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 --- No client certificate CA names sent --- SSL handshake has read 5304 bytes and written 415 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 7B20D6346EE3595B55010B4DEAC1AF886A55CD48F0E7B380767E0D15B23F9DB0 Session-ID-ctx: Master-Key: 3D9D14E0642329844E5FBDB5B0F95E915FB844C00A99BA1E70BA66CD33D24C58B38D52035DA67960429BDA0399941711 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1486306958 Timeout : 300 (sec) Verify return code: 0 (ok) --- DONE