Skip to content

Instantly share code, notes, and snippets.

Last active July 17, 2024 03:43
Show Gist options
  • Save stonehippo/710faa4b307a223e469e84b2ae3db340 to your computer and use it in GitHub Desktop.
Save stonehippo/710faa4b307a223e469e84b2ae3db340 to your computer and use it in GitHub Desktop.
A couple of ways to look at web server HTTPS/TLS/SSL certificate data via the command line

Inspecting HTTPS (TLS, SSL) certificates from the command line

I needed to inspect an HTTPS site's current certs and wanted to do it from the command line. Here are a couple of commands that I used that worked quite well.

With nmap

nmap -p 443 --script ssl-cert [hostname]

With cURL

curl -vvI https://[server URL]

cURL will report some certificate information in its versbose output when connecting to an HTTPS URL. Note: it seems that recent versions of curl won't report much info on the cert.

With OpenSSL

openssl s_client -showcerts -connect [server domain name]:443

I like this method, becase OpenSSL will report a lot of details about the certificates, including the full CA chain, if available.

Some additional useful commands

Inspecting a PEM certificate

openssl x509 -in [PEM file] -text

Extracting certificate and private key from a PKCS12

I recently wanted to change the configuration on an application server, moving the TLS termination from a Tomcat server to NGINX proxy. I needed to extract the certificate and private key from the original PKCS12 store. Here's how I did that:

openssl pkcs12 -in ./[pkcs12 file] -clcerts -nokeys -out public.crt
openssl pkcs12 -in ./[pkcs12 files] -nocerts -nodes -out private.rsa
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment