cn_dnsbl $ openssl s_client -connect ads.google.com:443 CONNECTED(00000005) depth=0 C = CA, ST = ST_DNSBL, L = LN_DNSBL, O = ON_DNSBL, OU = OU_DNSBL, CN = CN_DNSBL, emailAddress = dnsbl@example.com verify error:num=18:self signed certificate verify return:1 depth=0 C = CA, ST = ST_DNSBL, L = LN_DNSBL, O = ON_DNSBL, OU = OU_DNSBL, CN = CN_DNSBL, emailAddress = dnsbl@example.com verify error:num=26:unsupported certificate purpose verify return:1 depth=0 C = CA, ST = ST_DNSBL, L = LN_DNSBL, O = ON_DNSBL, OU = OU_DNSBL, CN = CN_DNSBL, emailAddress = dnsbl@example.com verify return:1 --- cn_dnsbl How to get it? cn_dnsbl Certificate chain 0 s:C = CA, ST = ST_DNSBL, L = LN_DNSBL, O = ON_DNSBL, OU = OU_DNSBL, CN = CN_DNSBL, emailAddress = dnsbl@example.com i:C = CA, ST = ST_DNSBL, L = LN_DNSBL, O = ON_DNSBL, OU = OU_DNSBL, CN = CN_DNSBL, emailAddress = dnsbl@example.com --- Server certificate -----BEGIN CERTIFICATE----- MIIElTCCA32gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCQ0Ex ETAPBgNVBAgUCFNUX0ROU0JMMREwDwYDVQQHFAhMTl9ETlNCTDERMA8GA1UEChQI T05fRE5TQkwxETAPBgNVBAsUCE9VX0ROU0JMMREwDwYDVQQDFAhDTl9ETlNCTDEg MB4GCSqGSIb3DQEJARYRZG5zYmxAZXhhbXBsZS5jb20wHhcNMTkwOTExMDUwOTAx cn_dnsbl How to get it for free? cn_dnsbl WhcNMjkwOTA4MDUwOTAxWjCBjjELMAkGA1UEBhMCQ0ExETAPBgNVBAgUCFNUX0RO U0JMMREwDwYDVQQHFAhMTl9ETlNCTDERMA8GA1UEChQIT05fRE5TQkwxETAPBgNV BAsUCE9VX0ROU0JMMREwDwYDVQQDFAhDTl9ETlNCTDEgMB4GCSqGSIb3DQEJARYR ZG5zYmxAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDHdLfj6SUJd1N8ChGHkCuzTb7dxsF8IBJJGTtmn0Uo9Q8+HMD6FRFW6QKCNeag wbh0VdtvRcQl7I/u1o5Vkv36ZUle9TV23u54yGkFomMPhmxwNS6rE207+5wtvvBQ uZ+Ng1RqfJ4Id91BGZXC31T1fhTszGoqoSje6X/kACi5BMhTV3k0mU9GfreqDC+4 tqhvlJDpEJhza+16e21LDTDJKqoWetpD3uCkpG+AVifvkuz5fXXWQkHxV/7k4Xhe ylxJjuP9HVjHndTTyPXbIT0ZMgFF+33K7O5r+CObX8NK0pHXy7FtLL6nlHZl5txo judXKvRHe6KbXbCQ3ULifnaDAgMBAAGjgfswgfgwHQYDVR0OBBYEFPkwtf/u327z cn_dnsbl How to get it for free? cn_dnsbl 26DPb62koDRIkcP0MIG7BgNVHSMEgbMwgbCAFPkwtf/u327z26DPb62koDRIkcP0 oYGUpIGRMIGOMQswCQYDVQQGEwJDQTERMA8GA1UECBQIU1RfRE5TQkwxETAPBgNV BAcUCExOX0ROU0JMMREwDwYDVQQKFAhPTl9ETlNCTDERMA8GA1UECxQIT1VfRE5T QkwxETAPBgNVBAMUCENOX0ROU0JMMSAwHgYJKoZIhvcNAQkBFhFkbnNibEBleGFt cGxlLmNvbYIBADAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B AQUFAAOCAQEAhs3eHgSdpnBC7NC2EynRrGGwl70R1LZJABdXQvcTdGXU62PAT4Xw AxjnpEyGacofZYiqbVInJXbC5ewUDC7IEtadEY8KPW4Vi9z1OQ1gigcYE9zGLiuz 3CYsovu+p8yOT976ftvld7nzBl5jEXY0PsvIYsIOdwImTAL0vXc54nHpw9gBUADQ cdfwo25maNWv0HPu1ofWBo8hCpEKmi14kIUCCr+6SikuKIBw9ddCxOt8s5itSWhT gaonYDRiNUFNjBjCFxjY5yPeHbT2Gnokg34gDwc6qIDiVX0P6p1iCvQjSPCVF1dS cn_dnsbl How to get it for free? cn_dnsbl FanWA5gN7Kp4JoABxmSTbLpaPjVtYL1WKA== -----END CERTIFICATE----- subject=C = CA, ST = ST_DNSBL, L = LN_DNSBL, O = ON_DNSBL, OU = OU_DNSBL, CN = CN_DNSBL, emailAddress = dnsbl@example.com issuer=C = CA, ST = ST_DNSBL, L = LN_DNSBL, O = ON_DNSBL, OU = OU_DNSBL, CN = CN_DNSBL, emailAddress = dnsbl@example.com --- No client certificate CA names sent Peer signing digest: SHA512 Peer signature type: RSA Server Temp Key: ECDH, P-384, 384 bits --- cn_dnsbl How to get it for free? cn_dnsbl SSL handshake has read 1883 bytes and written 474 bytes Verification error: unsupported certificate purpose --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: cn_dnsbl PasteShr cn_dnsbl Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 99A9F883917042B71A1FBC96A11C0530798A6C3C8EF10E220CCBA2096E278E57 Session-ID-ctx: Master-Key: 292BF28169D84DD40A0C4B1310598464493A413F0961F761F19F5EAA7484DDF98C722E05BF5359865828F5044C28F38F PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: cn_dnsbl How to get it? cn_dnsbl 0000 - 30 6f 59 46 35 00 1b 68-14 1e 2d da e7 ac 6d 33 0oYF5..h..-...m3 0010 - 61 09 68 1f 5b 56 20 47-34 6f 1f 84 81 c3 26 c7 a.h.[V G4o....&. 0020 - eb 19 d8 93 f0 2d 7e c4-22 c4 e1 25 b7 d3 35 31 .....-~.“..%..51 0030 - 04 bb b4 a5 36 de dc af-5c 71 4c 9a d0 a3 23 92 ....6...\qL...#. 0040 - f3 b6 b6 cf 56 b2 87 65-cc f5 69 33 ab 3e af a7 ....V..e..i3.>.. 0050 - 2d ad 64 b8 b9 47 ba 4a-99 f2 95 a2 54 8c 68 70 -.d..G.J....T.hp 0060 - bb 38 5d 36 86 d9 80 da-3e 68 20 4d 8f 95 29 4a .8]6....>h M..)J 0070 - c6 62 0e aa 8a d5 2e 3f-12 0f 64 93 2b 67 3f 79 .b.....?..d.+g?y 0080 - 47 01 e0 7d 8f d7 62 d7-66 02 f2 18 e1 b2 61 03 G..}..b.f.....a. 0090 - e7 34 d7 32 b4 aa ce 5e-2f 56 e3 19 e1 30 f3 e7 .4.2...^/V...0.. cn_dnsbl PasteShr cn_dnsbl 00a0 - 80 37 23 03 72 e7 eb 32-ed 9a 74 85 aa 28 db bb .7#.r..2..t..(.. Start Time: 1578886534 Timeout : 7200 (sec) Verify return code: 26 (unsupported certificate purpose) Extended master secret: no --- From a VPS out somewhere else: $ openssl s_client -connect ads.google.com:443 CONNECTED(00000003) depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign cn_dnsbl How to dowload it? cn_dnsbl verify return:1 depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.google.com i:/C=US/O=Google Trust Services/CN=GTS CA 1O1 1 s:/C=US/O=Google Trust Services/CN=GTS CA 1O1 cn_dnsbl How to use it? cn_dnsbl i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign --- Server certificate -----BEGIN CERTIFICATE----- MIIKDTCCCPWgAwIBAgIQLm8Mw7hBFxsIAAAAACQypDANBgkqhkiG9w0BAQsFADBC MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTE5MTIxMDA4MzUwN1oXDTIwMDMwMzA4MzUw N1owZjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAMMDCou Z29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ2/ClKq cn_dnsbl How to get it? cn_dnsbl x3OR36hDkR8iYo+Rv22SqFv09qgg+HbUqAS0iVvJwup1i6DxO0t+ZznnALFUdoC9 o6o4Bx+GSiX3hSBlF+ghvI2ipADU37ppWeYPVzCIB9/c06CVb4DST/Gu9daj46oZ PlZbGlV58d3mgzaEJQnfWVy9JqhYxx3YznrxjGqHrNd/aPPQaYkXMkuDZXhxQQ/1 mMJZFSzf45fhjkBhM045bINAYithkjp9YDn8b9bG1cCg/S36Xf+aT9MruE7EuPEr MPc3908mcCNhGV/gRdXsi1P5mH+N1PVw/YF0+XsKkULXV7FCJvbReSCvNEC5qF8y h+BJM0UJfRCWVdkCAwEAAaOCBtkwggbVMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE DDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBThwIWUFglETzHM Wlx8Li1oXxlZ3DAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBkBggr BgEFBQcBAQRYMFYwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnBraS5nb29nL2d0 czFvMTArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8xLmNy cn_dnsbl How to get it for free? cn_dnsbl dDCCBJ0GA1UdEQSCBJQwggSQggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22C FiouYXBwZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIYKi5j cm93ZHNvdXJjZS5nb29nbGUuY29tggYqLmcuY2+CDiouZ2NwLmd2dDIuY29tghEq LmdjcGNkbi5ndnQxLmNvbYIKKi5nZ3BodC5jboIOKi5na2VjbmFwcHMuY26CFiou Z29vZ2xlLWFuYWx5dGljcy5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIO Ki5nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IP Ki5nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5i coIPKi5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNv bS50coIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOC CyouZ29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xl cn_dnsbl How to get it for free? cn_dnsbl Lm5sggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNv bYIPKi5nb29nbGVhcGlzLmNughEqLmdvb2dsZWNuYXBwcy5jboIUKi5nb29nbGVj b21tZXJjZS5jb22CESouZ29vZ2xldmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSou Z3N0YXRpYy5jb22CEiouZ3N0YXRpY2NuYXBwcy5jboIKKi5ndnQxLmNvbYIKKi5n dnQyLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22CDCoudXJjaGluLmNvbYIQKi51 cmwuZ29vZ2xlLmNvbYITKi53ZWFyLmdrZWNuYXBwcy5jboIWKi55b3V0dWJlLW5v Y29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNv bYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29tghphbmRy b2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVsb3Blci5h bmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2dsZS5jboIE cn_dnsbl How to dowload it? cn_dnsbl Zy5jb4IIZ2dwaHQuY26CDGdrZWNuYXBwcy5jboIGZ29vLmdsghRnb29nbGUtYW5h bHl0aWNzLmNvbYIKZ29vZ2xlLmNvbYIPZ29vZ2xlY25hcHBzLmNughJnb29nbGVj b21tZXJjZS5jb22CGHNvdXJjZS5hbmRyb2lkLmdvb2dsZS5jboIKdXJjaGluLmNv bYIKd3d3Lmdvby5nbIIIeW91dHUuYmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1 Y2F0aW9uLmNvbYIPeW91dHViZWtpZHMuY29tggV5dC5iZTAhBgNVHSAEGjAYMAgG BmeBDAECAjAMBgorBgEEAdZ5AgUDMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9j cmwucGtpLmdvb2cvR1RTMU8xLmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1 ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABbu8pm9MAAAQDAEYw RAIgO0i2CdiE8NX2+HzGT7fsZITdcvu4vpUTtVYPChfpUEcCIHEVwji9+MMbunLU rv9QSQq7MR6qqmu7cnZksjgR/+L0AHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIS cn_dnsbl How to get it for free? cn_dnsbl hBh1loFxRVgAAAFu7ymb8wAABAMARzBFAiEA1/U6MzzXSRJNNVAFIUPVev1TmS5q 54FX8No1vIrXrHECIHx+lLw5gYviWgWWzJ04iNWi27EMrxvrc4J88kUmavWBMA0G CSqGSIb3DQEBCwUAA4IBAQBmlGPbpJ7wiIl8MQKrnzkHRwRJRyGxseMKTkqa1ozM tQkVdDP0wBPg/O2GINQBfyWYczVHy5KwUNC1lzI7/qaXPy9Yh9axkCdF98KAcKpM 3YAYgvzzfithX5m4PyzyjC47oFsk7TluRb8Fpo02oFfVioXVWVteeru8/rbw8xmg wU4OmUjNaiFoUAq5/iaI3yItyrt6OrTS4Y15BkqkS5LFB0fiTSs1RK/VJIYevyB0 biCvUBEO0Kvy8ur/l1hizjQsstATbhP4jd07Uhsqt4y9+Cc2cqmXFIIYHt4HqQvq odpSJR0WgC8FojPg8AIZHgK0xW0BW+hE05ZdYFHb4SbK -----END CERTIFICATE----- subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.google.com cn_dnsbl How to use it? cn_dnsbl issuer=/C=US/O=Google Trust Services/CN=GTS CA 1O1 --- No client certificate CA names sent Peer signing digest: SHA256 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4387 bytes and written 433 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit cn_dnsbl How to dowload it? cn_dnsbl Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 9A23C621F7DD1B3AFDD949EE0872D8A684FD6016F0937764E088EB36CC6D6BA8 Session-ID-ctx: Master-Key: 5BF95CBB55A48CD551D52D3B36A20414CF6F74F6E989FB9AAD523359F03F2F06DE13F7377D3F181C794D77041BD2542D cn_dnsbl How to get it for free? cn_dnsbl Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 100800 (seconds) TLS session ticket: 0000 - 00 f0 bb ae 7f 3a d3 16-50 28 1e 1a c8 ce a1 82 .....:..P(...... 0010 - b5 c8 b8 62 a2 a3 3f 3e-02 59 26 c9 a1 8c eb d6 ...b..?>.Y&..... 0020 - c9 03 a3 e7 c1 9e b5 d3-e2 27 27 41 ba 66 fc 3b .........‘’A.f.; 0030 - 37 5b 7f 0f 3a 23 f5 3a-c5 ba 31 8c 8c 50 1d 43 7[..:#.:..1..P.C cn_dnsbl How to get it? cn_dnsbl 0040 - e0 22 c3 10 2b cd 0c f5-bb 65 08 b3 d8 9e 8a 40 .“..+....e.....@ 0050 - 79 a3 0a 54 72 3f f8 96-bd f4 49 c6 10 80 03 25 y..Tr?....I....% 0060 - ee 30 18 30 c3 73 fd 3d-33 16 0a 6d eb 71 f5 b5 .0.0.s.=3..m.q.. 0070 - bc 3a 79 d9 00 ea c0 67-55 50 11 35 a9 db 23 7e .:y....gUP.5..#~ 0080 - 14 06 2e 84 62 23 c5 74-45 a8 f1 05 d4 c2 27 83 ....b#.tE.....’. 0090 - 44 dd 9c e5 74 7d 3e b0-dc 67 c5 5f c2 79 f2 a3 D...t}>..g._.y.. 00a0 - 97 66 c5 a2 52 0c 5d 33-72 0e ac db fd 92 14 ea .f..R.]3r....... 00b0 - 50 de 42 89 ae 76 0c 15-ce 14 3b 10 40 52 e6 70 P.B..v....;.@R.p 00c0 - bc f8 72 40 0b 91 58 ca-ed 4e 0a 3b 44 23 d0 cc ..r@..X..N.;D#.. 00d0 - d2 8e ab 93 c5 ..... cn_dnsbl How to get it? cn_dnsbl Start Time: 1578857650 Timeout : 300 (sec) Verify return code: 0 (ok) --- read:errno=0 cn_dnsbl