Juan Martinez 2 min read

View SSL cert from terminal

Does your job or your natural curiosity require you to see a sites' SSL certificate or other web server TLS info? Here a couple nifty ways to view the secure cert for a webserver and POP3 server from the Linux command line. Again, I am assuming that you are familiar with Linux and have the openssl binary installed on your system. Please read the openssl(1) manpage for futher options.

  • Web server certificate information on port 443 for www.sourceforge.net:
    ]$ openssl s_client -connect www.sourceforge.net:443
    Subsitute www.sourceforge.net with any domain of your choice. While you are at it, script it:

    Run it:
    ]$ ./get-cert.sh www.sourceforge.net
    Sample output:
    -----BEGIN CERTIFICATE-----
    MIIDdDCCAt2gAwIBAgIDATMOMA0GCSqGSIb3DQEBBAUAMFoxCzAJBgNVBAYTAlVT
    MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4
    IFNlY3VyZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwHhcNMDUwMzAzMDAwOTA0WhcN
    MDYwNTAyMjMwOTA0WjCB4zELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD3NvdXJjZWZv
    cmdlLm5ldDE8MDoGA1UECxMzaHR0cHM6Ly9zZXJ2aWNlcy5jaG9pY2Vwb2ludC5u
    ZXQvZ2V0LmpzcD8zNzU0NTA4MDU2MTEwLwYDVQQLEyhTZWUgd3d3Lmdlb3RydXN0
    LmNvbS9yZXNvdXJjZXMvY3BzIChjKTA0MS8wLQYDVQQLEyZEb21haW4gQ29udHJv
    bCBWYWxpZGF0ZWQgLSBRdWlja1NTTChSKTEYMBYGA1UEAxMPc291cmNlZm9yZ2Uu
    bmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaOEprZSkzvgVLV7O81A6w
    wUH0w6ZwPO7K3zADrbELXXVWIU17WGTLcuhbCTohF45d+qopCULbE0UwY+Vk2mt+
    2dXe97t1AgnCnO1OfYqD0qcBjAkjqyxIZwqCaKvpH/I6+hiyXrrMc/x/wNPL+OQv
    v8Ycty+C2zO6gwkxvhbCowIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIE8DAdBgNV
    HQ4EFgQU5+MABGMoIzyCZFts+vmATbqv704wOwYDVR0fBDQwMjAwoC6gLIYqaHR0
    cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9nbG9iYWxjYTEuY3JsMB8GA1UdIwQY
    MBaAFL6ooHRyUGtEt8kj2Puo/7NXa2hsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
    BgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAKvJjpcpbPML
    HzUzv4aOYaOgo+tQiLlSgoJXNXJdVCugZ6OQF/a/YKMatVIwImVUib8AgRxxAl6L
    UCvL5c+uCgVSV2XNcn9Dc2+0Lr2YYFt5V3+pPfqe2MfrqAmd23Lf2lz+O8uO6HKD
    BZK/N1kkMOo0WQnoz8OMurkae0grEfHS
    -----END CERTIFICATE-----

    NOTE: Hit "enter" again after you run the script to disconect from the webserver.
  • POP3 server certificate information for mail.comcast.net on port 995:
    ]$ openssl s_client -connect mail.comcast.net:995 -showcerts

    Note: If you run the command above, you will be connected to the mail server. To exit, type "quit".

Why do you even need to know the cert information? Come on, you are asking me? Make up a reason that satisfies you and live with it ;).

Continue reading