Getting SSL cert info from the terminal

A thing I need once in a while for work is to get some info on the SSL cert a website uses. Usually I want to know a few things:

  • Who is the issuer? (Let's Encrypt, ZeroSSL etc.)
  • How long will it be valid for?
  • What is the Subject CN, or what is the main domain the cert is valid for?
  • Are there Subject Alternative Names on the cert?

The Subject Alternative Names, or SANs, are important as they are effectively other domains, other than the Subject CN, that the cert is also valid for. This could be for something as simple as when you want a cert to work for the main domain and a subdomain, like mydomain.com and www.mydomain.com, but it also comes up often when mapping multiple root domains to a single web server and application, like for WordPress Multisite setups.

I'm doing some wandering in the desert on browsers at the moment, and giving something other than Firefox a try as my main browser (maybe a blog post on that is warranted soon). One thing Firefox does really well, but I can't seem to figure out on Chromium browsers, is a good way to get info on a website's SSL cert, particularly the SANs.

I figured I could probably turn to curl for this at the CLI, but no luck there. Eventually I found this question on Server Fault:

Displaying a remote SSL certificate details using CLI tools
In Chrome, clicking on the green HTTPS lock icon opens a window with the certificate details: When I tried the same with cURL, I got only some of the information: $ curl -vvI https://gnupg.org * R…

Based on the answer there, I tried this incantation, which worked pretty well:

echo | openssl s_client -showcerts -servername jadin.me -connect jadin.me:443 2>/dev/null | openssl x509 -inform pem -noout -text

Obviously, there is no way I'll remember that, nor is it fast or easy to type, so I made a little one-line shell script which takes a domain as an argument, to make this easy:

#!/usr/bin/env bash

# Pass the domain as the first argument. Quoting "$1" keeps the value as a single word.
echo | openssl s_client -showcerts -servername "$1" -connect "$1:443" 2>/dev/null | openssl x509 -inform pem -noout -text

Now I can get a bunch of info on a site's SSL cert really quickly 🎉

Admittedly, there is actually a ton in the output here that I don't care about, so the next step would be to simplify this down using grep, sed, and awk most likely, but for now this one-liner works.
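
One way to do that trimming, as an added example that is not the author's script: an awk filter that reduces the openssl x509 -text output to the four fields listed at the top of the post. The function names (cert_summary, certinfo, sample_cert_text) and the sample certificate text are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce `openssl x509 -text` output to issuer, expiry,
# subject CN and SANs. Function names are hypothetical, not from the post.

# Filter: reads the -text output on stdin, prints four labelled lines.
cert_summary() {
    awk '
        /^ *Issuer:/      { sub(/^ *Issuer: */, "");      print "Issuer:     " $0 }
        /^ *Not After ?:/ { sub(/^ *Not After ?: */, ""); print "Expires:    " $0 }
        /^ *Subject:/ {
            # OpenSSL prints "CN = x" or "CN=x" depending on version;
            # some certs carry no CN at all and rely on the SANs only.
            cn = "(none)"
            if (match($0, /CN ?= ?[^,]+/)) {
                cn = substr($0, RSTART, RLENGTH)
                sub(/^CN ?= ?/, "", cn)
            }
            print "Subject CN: " cn
        }
        # The SAN values sit on the line after the extension header.
        san { sub(/^ +/, ""); sub(/ +$/, ""); print "SANs:       " $0; san = 0 }
        /X509v3 Subject Alternative Name:/ { san = 1 }
    '
}

# Same openssl pipeline as the script above, piped through the filter.
certinfo() {
    echo | openssl s_client -showcerts -servername "$1" -connect "$1:443" 2>/dev/null |
        openssl x509 -inform pem -noout -text | cert_summary
}

# Constructed sample of -text output, so the filter can be tried offline.
sample_cert_text() {
    cat <<'EOF'
Certificate:
    Data:
        Issuer: C = US, O = Example CA, CN = Example Issuing CA
        Validity
            Not Before: Jan  1 00:00:00 2024 GMT
            Not After : Mar 31 23:59:59 2024 GMT
        Subject: CN = mydomain.com
        Subject Public Key Info:
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:mydomain.com, DNS:www.mydomain.com
EOF
}

# With a domain argument, query it; with none, run on the sample.
if [ "$#" -gt 0 ]; then certinfo "$1"; else sample_cert_text | cert_summary; fi
```

The SAN line keeps its type prefixes (DNS:, IP Address:) so non-DNS entries stay distinguishable.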