Skip to content
Latchkey

openssl s_server: A Throwaway TLS Server

openssl s_server runs a tiny TLS server, handy for testing clients without standing up a real service.

Pair s_server with a self-signed cert to give an integration test a real TLS endpoint to talk to, then kill it when the test ends.

What it does

openssl s_server listens on a port and terminates TLS using the certificate and key you provide. With -www it answers HTTP requests with a status page, enough for a client to complete a real handshake.

Common usage

Terminal
openssl req -x509 -newkey rsa:2048 -nodes \
  -keyout key.pem -out cert.pem -days 1 -subj "/CN=localhost"
openssl s_server -accept 8443 -cert cert.pem -key key.pem -www

Options

FlagWhat it does
-accept <port>Port to listen on
-cert <file>Server certificate
-key <file>Server private key
-wwwRespond to HTTP requests with a status page
-tls1_2 / -tls1_3Restrict the protocol version

In CI

Start s_server in the background (append & or run as a job), wait for the port, run the client test, then kill the process. Generate the cert with -days 1 since it only needs to live for the job.

Common errors in CI

"Error setting up acceptor socket ... Address already in use" means the port is taken; pick another or kill the prior server. "unable to load Private Key" means -key points at the wrong file or an encrypted key. "No certificate set" appears if -cert is missing.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →