[openssl-users] Why no peer certificate available.

Jeffrey Walton noloader at gmail.com
Tue May 26 05:32:08 UTC 2015

On Mon, May 25, 2015 at 11:17 PM, Jerry OELoo <oyljerry at gmail.com> wrote:
> Hi.
> I found there is a website which has https support.
> https://www.ib-channel.net/miegin/web/jsp/B02-01.jsp
> and browser can show its certificate chain.
> but when I use openssl to connect website, it returns fail.
> openssl s_client -connect www.ib-channel.net:443
> CONNECTED(00000003)
> write:errno=104
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 305 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
> So what is wrong that openssl can not get website's certificate? Thanks!

I'm timing out from US/New York using Apple's downlevel version of
OpenSSL (0.9.8). But I'm succeeding with the latest version of OpenSSL
(1.0.2a). (It seems to be opposite of what Patrick is experiencing).

Also, you usually want to specify TLS and the server name. SSLv3 is
pretty much dead now. SNI also ensures the server selects the right
certificate at during channel setup.

    openssl s_client -connect www.ib-channel.net:443 \
        -tls1 -servername www.ib-channel.net

More information about the openssl-users mailing list