View SSL cert from terminal
Does your job or your natural curiosity require you to see a sites’ SSL certificate or other web server TLS info? Here a couple nifty ways to view the secure cert for a webserver and POP3 server from the Linux command line. Again, I am assuming that you are familiar with Linux and have the openssl binary installed on your system. Please read the openssl(1) manpage for futher options.
-
Web server certificate information on port 443 for www.sourceforge.net:
]$ openssl s_client -connect www.sourceforge.net:443
Subsitute www.sourceforge.net with any domain of your choice. While you are at it, script it:
Run it:
]$ ./get-cert.sh www.sourceforge.net
Sample output:
-----BEGIN CERTIFICATE----- MIIDdDCCAt2gAwIBAgIDATMOMA0GCSqGSIb3DQEBBAUAMFoxCzAJBgNVBAYTAlVT MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4 IFNlY3VyZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwHhcNMDUwMzAzMDAwOTA0WhcN MDYwNTAyMjMwOTA0WjCB4zELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD3NvdXJjZWZv cmdlLm5ldDE8MDoGA1UECxMzaHR0cHM6Ly9zZXJ2aWNlcy5jaG9pY2Vwb2ludC5u ZXQvZ2V0LmpzcD8zNzU0NTA4MDU2MTEwLwYDVQQLEyhTZWUgd3d3Lmdlb3RydXN0 LmNvbS9yZXNvdXJjZXMvY3BzIChjKTA0MS8wLQYDVQQLEyZEb21haW4gQ29udHJv bCBWYWxpZGF0ZWQgLSBRdWlja1NTTChSKTEYMBYGA1UEAxMPc291cmNlZm9yZ2Uu bmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaOEprZSkzvgVLV7O81A6w wUH0w6ZwPO7K3zADrbELXXVWIU17WGTLcuhbCTohF45d+qopCULbE0UwY+Vk2mt+ 2dXe97t1AgnCnO1OfYqD0qcBjAkjqyxIZwqCaKvpH/I6+hiyXrrMc/x/wNPL+OQv v8Ycty+C2zO6gwkxvhbCowIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIE8DAdBgNV HQ4EFgQU5+MABGMoIzyCZFts+vmATbqv704wOwYDVR0fBDQwMjAwoC6gLIYqaHR0 cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9nbG9iYWxjYTEuY3JsMB8GA1UdIwQY MBaAFL6ooHRyUGtEt8kj2Puo/7NXa2hsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr BgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAKvJjpcpbPML HzUzv4aOYaOgo+tQiLlSgoJXNXJdVCugZ6OQF/a/YKMatVIwImVUib8AgRxxAl6L UCvL5c+uCgVSV2XNcn9Dc2+0Lr2YYFt5V3+pPfqe2MfrqAmd23Lf2lz+O8uO6HKD BZK/N1kkMOo0WQnoz8OMurkae0grEfHS -----END CERTIFICATE-----
NOTE: Hit “enter” again after you run the script to disconect from the webserver.
-
POP3 server certificate information for mail.comcast.net on port 995:
]$ openssl s_client -connect mail.comcast.net:995 -showcerts
Note: If you run the command above, you will be connected to the mail server. To exit, type “quit”.
Why do you even need to know the cert information? Come on, you are asking me? Make up a reason that satisfies you and live with it ;).
About this entry
You’re currently reading “ View SSL cert from terminal ,” an entry on a little stupid blog
- Published:
- 11.23.05 / 2pm
- Category:
- tips-n-tricks
Comments are closed
Comments are currently closed on this entry.