$ openssl s_client -connect keycloak.localhost:443CONNECTED(00000003)depth=1

1. $ openssl s_client -connect keycloak.localhost:443
2. CONNECTED(00000003)
3. depth=1 CN = Caddy Local Authority - ECC Intermediate
4. verify error:num=20:unable to get local issuer certificate
5. verify return:1
6. depth=0
7. verify return:1
8. ---
9. Certificate chain
10.  0 s:
11.    i:CN = Caddy Local Authority - ECC Intermediate
12.  1 s:CN = Caddy Local Authority - ECC Intermediate
13.    i:CN = Caddy Local Authority - 2020 ECC Root
14. ---
15. Server certificate
16. -----BEGIN CERTIFICATE-----
17. MIIBxjCCAWygAwIBAgIQEk8XxSxfQskJvKH+35KMVzAKBggqhkjOPQQDAjAzMTEw
18. LwYDVQQDEyhDYWRkeSBMb2NhbCBBdXRob3JpdHkgLSBFQ0MgSW50ZXJtZWRpYXRl
19. MB4XDTIwMDQyODAwNDkyMloXDTIwMDQyODEyNTAyMlowADBZMBMGByqGSM49AgEG
20. CCqGSM49AwEHA0IABN2n3GkrraSnH6boRklshtCSFeRdKUsT0CPIpwYuzKXXcqUK
21. SMof1zomBh7LLLEs5fs2RrSAeNFoCIYiCOlQIhqjgZQwgZEwDgYDVR0PAQH/BAQD
22. AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU/0ou
23. sH2MSXb5NBzxFihO0soDUv8wHwYDVR0jBBgwFoAU4mK074AMtcdTx7vx8qNE0uN9
24. jpYwIAYDVR0RAQH/BBYwFIISa2V5Y2xvYWsubG9jYWxob3N0MAoGCCqGSM49BAMC
25. A0gAMEUCIQDoSBlHbD9YxsOOJgiVfBEx84CbR/X/kMu9D8PDnZL0zgIgMcymGpOn
26. CyhcwU8yU2hW6B7lKIJCRCK9VOcge+7GmO0=
27. -----END CERTIFICATE-----
28. subject=
29.  
30. issuer=CN = Caddy Local Authority - ECC Intermediate
31.  
32. ---
33. No client certificate CA names sent
34. Peer signing digest: SHA256
35. Peer signature type: ECDSA
36. Server Temp Key: X25519, 253 bits
37. ---
38. SSL handshake has read 1276 bytes and written 384 bytes
39. Verification error: unable to get local issuer certificate
40. ---
41. New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
42. Server public key is 256 bit
43. Secure Renegotiation IS NOT supported
44. Compression: NONE
45. Expansion: NONE
46. No ALPN negotiated
47. Early data was not sent
48. Verify return code: 20 (unable to get local issuer certificate)
49. ---
50. ---
51. Post-Handshake New Session Ticket arrived:
52. SSL-Session:
53.     Protocol  : TLSv1.3
54.     Cipher    : TLS_AES_128_GCM_SHA256
55.     Session-ID: 7BC5BE0C0E687B0242AFD0ED46739A0B699A085DF05C83D6FFC54E17A5A054EF
56.     Session-ID-ctx:
57.     Resumption PSK: E026FBD6C1920FB682261CFA3F58766DC4C4EEEFCF2B48863AB31A22EE53469D
58.     PSK identity: None
59.     PSK identity hint: None
60.     SRP username: None
61.     TLS session ticket lifetime hint: 604800 (seconds)
62.     TLS session ticket:
63.     0000 - e2 cd 27 ed 84 81 e8 fc-f8 30 76 d3 a7 66 93 e1   ..'......0v..f..
64.    0010 - cd 00 b7 dd 3c d8 5c 85-84 7e 5a 31 74 6b 1c 68   ....<.\..~Z1tk.h
65.    0020 - 2d 59 c6 c6 19 bd 94 35-e5 c1 f7 64 91 91 09 06   -Y.....5...d....
66.    0030 - 93 ef 44 21 dd d4 86 11-16 ad bf ed ec 7a 1e 87   ..D!.........z..
67.    0040 - ff 8d 29 ec d0 fd 86 1a-a1 7d a1 84 56 a0 34 15   ..)......}..V.4.
68.    0050 - c4 43 40 03 6e a9 c8 46-75 4d d2 4b f1 92 71 7b   .C@.n..FuM.K..q{
69.    0060 - 2d 6d fa 19 6f cc 31 21-58 c8 d7 00 bd 1b 30 9a   -m..o.1!X.....0.
70.    0070 - b9                                                .
71.  
72.    Start Time: 1588035076
73.    Timeout   : 7200 (sec)
74.    Verify return code: 20 (unable to get local issuer certificate)
75.    Extended master secret: no
76.    Max Early Data: 0
77. ---