How to check LDAPS certificate and TLS version


Get OpenSSL (there is a list of third-party builds here; I went with this one). Then connect to your DC's LDAPS port like this:

openssl s_client -connect <Domain_Controller>:636

To test a specific version, add a switch such as -tls1_2 or -tls1_1 (newer OpenSSL builds also accept -tls1_3). If the DC does not offer that version the handshake fails with output like this (here I asked for TLS 1.1). The line "SSL alert number 70" is the server's protocol_version alert, so it is the DC refusing the version; if instead your own OpenSSL bails out with "no protocols available", the client build has that version disabled and the test tells you nothing about the DC.

CONNECTED(000002F4)
 51720:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:.\ssl\s3_pkt.c:1498:SSL alert number 70
 51720:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:.\ssl\s3_pkt.c:659:
 no peer certificate available
 No client certificate CA names sent
 SSL handshake has read 7 bytes and written 0 bytes
 New, (NONE), Cipher is (NONE)
 Secure Renegotiation IS NOT supported
 Compression: NONE
 Expansion: NONE
 No ALPN negotiated
 SSL-Session:
     Protocol  : TLSv1
     Cipher    : 0000
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     Key-Arg   : None
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     Start Time: 1603452101
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
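Two things to keep in mind when reading that output: "Verify return code: 0 (ok)" only appears because no certificate was received at all, and s_client never fails a connection on a bad certificate unless you point it at a trust store (add -CAfile <ca.pem> -verify_return_error to make it do so). The script below is an added example, not part of the original post: it runs the handshake once per TLS version, classifies each result (accepted, refused by the DC, or no handshake at all), and pulls the DC's certificate out of a -showcerts run so you can read issuer, validity and fingerprint directly. It assumes openssl is on PATH; the host name dc01.example.test and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: probe an LDAPS endpoint for each
# TLS version, classify the openssl s_client result, and dump the leaf
# certificate. Assumes "openssl" is on PATH; host and port come from the
# command line, e.g.  ./ldaps-check.sh dc01.example.test 636  (made-up name).

# Read "openssl s_client" output on stdin and print one word:
#   rejected - the server answered with alert 70 (protocol_version): it does
#              not offer the version we asked for
#   ok       - a cipher was negotiated, so the server accepted that version
#   failed   - no handshake at all (connection refused, client-side "no
#              protocols available" because our own OpenSSL disables that
#              version, an unknown switch on an old build, ...); this says
#              nothing about the server
classify_handshake() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'SSL alert number 70'; then
        echo rejected
    elif printf '%s\n' "$out" | grep -q 'Cipher is (NONE)'; then
        echo failed
    elif printf '%s\n' "$out" | grep -q 'Cipher is '; then
        echo ok
    else
        echo failed
    fi
}

# probe_tls HOST PORT SWITCH: one handshake with a forced protocol version.
# </dev/null makes s_client exit right after the handshake instead of waiting
# for LDAP traffic on stdin; 2>&1 keeps the alert line, which goes to stderr.
probe_tls() {
    printf '%-8s ' "$3"
    openssl s_client -connect "$1:$2" "$3" </dev/null 2>&1 | classify_handshake
}

# show_cert HOST PORT: take the server certificate out of the handshake and
# print the fields you check first (who issued it, when it expires, SHA-256
# fingerprint to compare against the certificate in the DC's own store).
show_cert() {
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
}

# Constructed sample outputs for exercising classify_handshake offline: the
# first is the refused TLS 1.1 handshake shown in the post, the second a
# made-up successful TLS 1.2 session in the shape s_client prints.
SAMPLE_REJECTED='CONNECTED(000002F4)
51720:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:.\ssl\s3_pkt.c:1498:SSL alert number 70
no peer certificate available
New, (NONE), Cipher is (NONE)'

SAMPLE_OK='CONNECTED(00000003)
depth=0 CN = dc01.example.test
verify error:num=20:unable to get local issuer certificate
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit'

# Run the checks when a host is given; with no arguments only define functions.
if [ $# -ge 1 ]; then
    host=$1
    port=${2:-636}
    echo "== certificate presented by $host:$port"
    show_cert "$host" "$port"
    echo "== protocol versions"
    for v in -tls1 -tls1_1 -tls1_2 -tls1_3; do
        probe_tls "$host" "$port" "$v"
    done
fi
```

A "failed" result for -tls1 or -tls1_1 on a current Linux or Windows OpenSSL build is usually the client refusing, not the DC; if you need a definitive answer for the old versions, run the probe from an OpenSSL build that still enables them, or compare against the DC's own SCHANNEL registry settings.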

Hope that helps someone!
