Read Contents Of SSL Cert From The Command Line

Read Contents Of SSL Cert From The Command Line

4th January 2019 - 3 minutes read time

Whilst it is possible to view the contents of an SSL cert from within most modern browsers I occasionally find the need to use the command line to find out the same information. I find this useful when renewing certificates as browsers can occasionally cache certificates for longer than expected, causing false results.

The following command connects to the server, downloads the SSL certificate from port 443 and then uses the openssl tool to extract the information from the certificate into a readable format.

echo | openssl s_client -showcerts -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -inform pem -noout -text

This produces the following output.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:d0:78:dd:48:f1:a2:bd:4d:0f:2b:a9:6b:60:38:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
        Validity
            Not Before: Nov 28 00:00:00 2018 GMT
            Not After : Dec  2 12:00:00 2020 GMT
        Subject: C=US, ST=California, L=Los Angeles, O=Internet Corporation for Assigned Names and Numbers, OU=Technology, CN=www.example.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d0:f0:12:74:a0:96:20:72:08:65:19:12:5a:5d:
                    4a:d0:3a:8c:66:8f:a0:29:2b:a7:db:d5:ac:0c:cf:
                    a5:71:92:15:42:15:b0:07:92:76:31:75:d7:27:8e:
                    4d:50:6a:75:d1:7b:53:5e:27:aa:ed:eb:a4:60:3a:
                    f2:8e:45:18:6b:45:33:5c:85:11:aa:20:12:fe:60:
                    ac:9d:4c:45:8f:dd:d3:0e:3e:77:0f:09:c2:85:65:
                    34:c7:22:fb:74:13:b9:42:9f:f7:21:f6:f0:9c:44:
                    74:6d:c9:df:b3:1f:8f:60:b7:71:11:06:90:63:41:
                    9d:8f:34:7b:24:49:46:ac:f2:f0:8d:0b:48:f4:d3:
                    92:1a:f7:a2:45:ee:cc:e5:d7:83:7f:2e:82:bd:71:
                    dd:28:19:58:33:6e:11:a1:3a:a0:6a:72:60:92:01:
                    59:9f:63:17:7a:49:42:7b:9c:3f:db:d3:05:e8:cc:
                    87:7e:f8:aa:fc:9d:d1:05:50:ab:75:b1:1e:ba:20:
                    cb:89:d4:6d:6c:37:82:28:4c:c5:3f:7c:c1:10:f5:
                    a0:a5:66:6b:53:53:c9:db:ed:85:c3:6d:05:f8:64:
                    a7:c9:0e:eb:8f:e1:c4:b1:eb:2d:68:0e:15:3f:e5:
                    e2:dc:fc:21:64:2d:ee:69:2b:04:78:db:77:65:cb:
                    54:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:0F:80:61:1C:82:31:61:D5:2F:28:E7:8D:46:38:B4:2C:E1:C6:D9:E2

            X509v3 Subject Key Identifier:
                66:98:62:02:E0:09:91:A7:D9:E3:36:FB:76:C6:B0:BF:A1:6D:A7:BE
            X509v3 Subject Alternative Name:
                DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/ssca-sha2-g6.crl

                Full Name:
                  URI:http://crl4.digicert.com/ssca-sha2-g6.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            1.3.6.1.4.1.11129.2.4.2:
                ...k.i.w.......X......gp
.....g\1.F.....H0F.!..d..!...H.v.K.F.W'..{.;.JWBl...l.!.....0.d..L|nXSW....EO..F..p...BB.v..u..Y|..C._..n.V.GV6.J.`....^......g\1.......G0E. o.w.....c-....A.@../..f.._s.H.P..!....H.....D%.<...+.|..'{..X....JN.v.oSv.1.1.....Q..w.....}..c).-. MwZ.I.J.h..a... .1....q.C.....O...z....D;....
[.V.=,r.
    Signature Algorithm: sha256WithRSAEncryption
         73:70:85:ef:40:41:a7:6a:43:d5:78:9c:7b:55:48:e6:bc:6b:
         99:86:ba:fb:0d:03:8b:78:fe:11:f0:29:a0:0c:cd:69:14:0b:
         c6:04:78:b2:ce:f0:87:d5:01:9d:c4:59:7a:71:fe:f0:6e:9e:
         c1:a0:b0:91:2d:1f:ea:3d:55:c5:33:05:0c:cd:c1:35:18:b0:
         6a:68:66:4c:bf:56:21:da:5b:d9:48:b9:8c:35:21:91:5d:dc:
         75:d7:7a:46:2c:22:27:a6:6f:d3:3a:17:eb:be:bd:13:c5:12:
         26:73:c0:5d:a3:35:89:6a:fb:27:d4:dd:aa:74:74:2e:37:e5:
         01:3b:a6:d0:30:b0:83:d0:a1:c4:75:21:85:b2:e5:fa:67:00:
         30:a2:bc:53:83:4d:bf:d6:a8:83:bb:bc:d6:ed:1c:b3:1e:f1:
         58:03:82:00:8e:9c:ef:90:f2:1a:5f:a2:a3:06:da:5d:be:9f:
         da:5d:a6:e6:2f:de:58:80:18:d3:f1:62:7b:a6:a3:9f:ae:a8:
         69:72:63:81:65:ae:82:83:a3:b5:97:8a:9b:20:51:ff:1a:3f:
         61:40:1e:48:d0:6b:38:f9:e1:fa:17:d8:77:4a:88:e6:3d:36:
         24:4f:ef:0a:b9:9f:70:f3:83:27:f8:cf:2a:05:75:10:a1:8a:
         0a:80:88:cd

 

command line

Add new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
2 + 10 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Related Content

Using The Fingerprint Scanner On Pop! OS 22.04

30th April 2023

I work on a couple of ThinkPad laptops (T490 and a P14s) and whilst they have fingerprint scanners I haven't really considered using them. I once attempted to get a fingerprint scanner working in Linux on an old HP laptop and that experience put me off trying again.

Read more

Timing Page Responses With Curl

27th March 2022

Timing web requests is possible in curl using the -w or --write-out flag. This flag takes a number of different options, including several time based options.

Read more

Explain Shell

6th February 2022

If you are working on the Linux command line then sometimes you'll do a search to find out how to run a command that performs a task. I don't usually copy and paste commands in unless I can see what is going on, which used to mean spending time going through man pages and documentation trying to find out what this or that flag does.

Read more

Repointing A Symlink To A Different Location

10th December 2020

​Creating a symlink is a common way of ensuring that the directory structure of a deployment will always be the same. For example you might create a symlink so that the release directory of release123/docroot will instead be just current.

Read more