View SSL cert from terminal

Does your job or your natural curiosity require you to see a site’s SSL certificate or other web server TLS info? Here are a couple of nifty ways to view the certificate for a web server and a POP3 server from the Linux command line. Again, I am assuming that you are familiar with Linux and have the openssl binary installed on your system. Please read the openssl(1) manpage for further options.

  • Web server certificate information on port 443 for www.sourceforge.net:

    ]$ openssl s_client -connect www.sourceforge.net:443
    


    Substitute www.sourceforge.net with any domain of your choice. While you are at it, script it:

    Run it:

    ]$ ./get-cert.sh www.sourceforge.net
    

    Sample output:


    NOTE: Hit “enter” again after you run the script to disconnect from the web server.

  • POP3 server certificate information for mail.comcast.net on port 995:

    ]$ openssl s_client -connect mail.comcast.net:995 -showcerts
    

    Note: If you run the command above, you will be connected to the mail server. To exit, type “quit”.
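
A non-interactive variant of both checks above, as an added example (it is not the get-cert.sh from this post, whose contents are not shown here). The file name cert-info.sh and the function names are assumptions. It closes stdin so there is no need to hit “enter” or type “quit”, and it decodes the certificate instead of printing only the PEM block:

```shell
#!/bin/sh
# Added example: fetch a TLS server's certificate without an interactive session.
# Function names are illustrative assumptions, not from the original post.

# Print the raw s_client output for host:port. Redirecting stdin from
# /dev/null makes s_client exit once the handshake finishes, so there is
# nothing to type afterwards. -servername sends SNI so that name-based
# virtual hosts return the certificate for the requested name.
fetch_chain() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null
}

# Read s_client output on stdin and print only the first PEM block.
# With -showcerts the server's own (leaf) certificate comes first and the
# intermediates follow; those are dropped here.
leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ && !done { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ && on { on = 0; done = 1 }'
}

# Decode a PEM certificate on stdin into the fields worth checking.
cert_summary() {
    openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
}

# Usage: ./cert-info.sh HOST [PORT]   (PORT defaults to 443; use 995 for POP3S)
if [ "$#" -gt 0 ]; then
    fetch_chain "$1" "${2:-443}" | leaf_pem | cert_summary
fi
```

By default s_client completes the handshake even when chain verification fails, so read the output as what the server presented, not as proof that the certificate is trusted.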

Why do you even need to know the cert information? Come on, you are asking me? Make up a reason that satisfies you and live with it ;).

