Note: This post is over two years old and so the information contained here might be out of date. If you do spot something please leave a comment and we will endeavour to correct.
Whilst it is possible to view the contents of an SSL cert from within most modern browsers I occasionally find the need to use the command line to find out the same information. I find this useful when renewing certificates as browsers can occasionally cache certificates for longer than expected, causing false results.
The following command connects to the server, downloads the SSL certificate from port 443 and then uses the openssl tool to extract the information from the certificate into a readable format.
echo | openssl s_client -showcerts -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -inform pem -noout -text
This produces the following output.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:d0:78:dd:48:f1:a2:bd:4d:0f:2b:a9:6b:60:38:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
Validity
Not Before: Nov 28 00:00:00 2018 GMT
Not After : Dec 2 12:00:00 2020 GMT
Subject: C=US, ST=California, L=Los Angeles, O=Internet Corporation for Assigned Names and Numbers, OU=Technology, CN=www.example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d0:f0:12:74:a0:96:20:72:08:65:19:12:5a:5d:
4a:d0:3a:8c:66:8f:a0:29:2b:a7:db:d5:ac:0c:cf:
a5:71:92:15:42:15:b0:07:92:76:31:75:d7:27:8e:
4d:50:6a:75:d1:7b:53:5e:27:aa:ed:eb:a4:60:3a:
f2:8e:45:18:6b:45:33:5c:85:11:aa:20:12:fe:60:
ac:9d:4c:45:8f:dd:d3:0e:3e:77:0f:09:c2:85:65:
34:c7:22:fb:74:13:b9:42:9f:f7:21:f6:f0:9c:44:
74:6d:c9:df:b3:1f:8f:60:b7:71:11:06:90:63:41:
9d:8f:34:7b:24:49:46:ac:f2:f0:8d:0b:48:f4:d3:
92:1a:f7:a2:45:ee:cc:e5:d7:83:7f:2e:82:bd:71:
dd:28:19:58:33:6e:11:a1:3a:a0:6a:72:60:92:01:
59:9f:63:17:7a:49:42:7b:9c:3f:db:d3:05:e8:cc:
87:7e:f8:aa:fc:9d:d1:05:50:ab:75:b1:1e:ba:20:
cb:89:d4:6d:6c:37:82:28:4c:c5:3f:7c:c1:10:f5:
a0:a5:66:6b:53:53:c9:db:ed:85:c3:6d:05:f8:64:
a7:c9:0e:eb:8f:e1:c4:b1:eb:2d:68:0e:15:3f:e5:
e2:dc:fc:21:64:2d:ee:69:2b:04:78:db:77:65:cb:
54:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0F:80:61:1C:82:31:61:D5:2F:28:E7:8D:46:38:B4:2C:E1:C6:D9:E2
X509v3 Subject Key Identifier:
66:98:62:02:E0:09:91:A7:D9:E3:36:FB:76:C6:B0:BF:A1:6D:A7:BE
X509v3 Subject Alternative Name:
DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/ssca-sha2-g6.crl
Full Name:
URI:http://crl4.digicert.com/ssca-sha2-g6.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.114412.1.1
CPS: https://www.digicert.com/CPS
Policy: 2.23.140.1.2.2
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt
X509v3 Basic Constraints: critical
CA:FALSE
1.3.6.1.4.1.11129.2.4.2:
...k.i.w.......X......gp
.....g\1.F.....H0F.!..d..!...H.v.K.F.W'..{.;.JWBl...l.!.....0.d..L|nXSW....EO..F..p...BB.v..u..Y|..C._..n.V.GV6.J.`....^......g\1.......G0E. o.w.....c-....A.@../..f.._s.H.P..!....H.....D%.<...+.|..'{..X....JN.v.oSv.1.1.....Q..w.....}..c).-. MwZ.I.J.h..a... .1....q.C.....O...z....D;....
[.V.=,r.
Signature Algorithm: sha256WithRSAEncryption
73:70:85:ef:40:41:a7:6a:43:d5:78:9c:7b:55:48:e6:bc:6b:
99:86:ba:fb:0d:03:8b:78:fe:11:f0:29:a0:0c:cd:69:14:0b:
c6:04:78:b2:ce:f0:87:d5:01:9d:c4:59:7a:71:fe:f0:6e:9e:
c1:a0:b0:91:2d:1f:ea:3d:55:c5:33:05:0c:cd:c1:35:18:b0:
6a:68:66:4c:bf:56:21:da:5b:d9:48:b9:8c:35:21:91:5d:dc:
75:d7:7a:46:2c:22:27:a6:6f:d3:3a:17:eb:be:bd:13:c5:12:
26:73:c0:5d:a3:35:89:6a:fb:27:d4:dd:aa:74:74:2e:37:e5:
01:3b:a6:d0:30:b0:83:d0:a1:c4:75:21:85:b2:e5:fa:67:00:
30:a2:bc:53:83:4d:bf:d6:a8:83:bb:bc:d6:ed:1c:b3:1e:f1:
58:03:82:00:8e:9c:ef:90:f2:1a:5f:a2:a3:06:da:5d:be:9f:
da:5d:a6:e6:2f:de:58:80:18:d3:f1:62:7b:a6:a3:9f:ae:a8:
69:72:63:81:65:ae:82:83:a3:b5:97:8a:9b:20:51:ff:1a:3f:
61:40:1e:48:d0:6b:38:f9:e1:fa:17:d8:77:4a:88:e6:3d:36:
24:4f:ef:0a:b9:9f:70:f3:83:27:f8:cf:2a:05:75:10:a1:8a:
0a:80:88:cd
Add new comment