OpenSSL Client Commands – Check the Contents of an SSL Certificate
Here is a list of OpenSSL commands that are handy in a Bash script:
Determine who issued the certificate:
$ echo | openssl s_client -connect server.com:443 2>/dev/null | openssl x509 -noout -issuer
issuer= /C=US/O=Company Inc/CN=www.server.com
Determine who the certificate is issued to:
$ echo | openssl s_client -connect server.com:443 2>/dev/null | openssl x509 -noout -subject
subject= /C=EN/L=Horsley Surrey/O=Google Inc/CN=*.server.com
Check validity dates:
$ echo | openssl s_client -connect server.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Dec 11 12:49:14 2013 GMT
notAfter=Apr 10 00:00:00 2014 GMT
ALL THREE AT ONCE:
$ echo | openssl s_client -connect server.com:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
issuer= /C=US/O=Company Inc/CN=www.server.com
subject= /C=EN/L=Horsley Surrey/O=Google Inc/CN=*.server.com
notBefore=Dec 11 12:49:14 2013 GMT
notAfter=Apr 10 00:00:00 2014 GMT
Check the subject name hash value:
$ echo | openssl s_client -connect server.com:443 2>/dev/null | openssl x509 -noout -hash
a18bd28a
Check the fingerprint (SHA-1 is the default digest; add -md5 to get the MD5 fingerprint instead):
$ echo | openssl s_client -connect server.com:443 2>/dev/null | openssl x509 -noout -fingerprint
SHA1 Fingerprint=AD:3C:56:FB:E8:C0:62:B0:FF:89:21:52:98:B1:A1:D4:94:A4:1C:84
Extract ALL information from the certificate:
$ echo | openssl s_client -connect server.com:443 2>/dev/null | openssl x509 -noout -text
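As an added example (not part of the original page), here is one way to turn the "all three at once" command into an expiry check for a script. It reports a failed fetch instead of passing silently when `2>/dev/null` hides the error. The function names are hypothetical and the date parsing assumes GNU `date`.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): certificate expiry check.

# Print issuer, subject and validity dates for host:port (needs network access).
# -servername sends SNI so a name-based virtual host returns the right certificate.
cert_summary() {
    local host="$1" port="${2:-443}"
    echo | openssl s_client -connect "$host:$port" -servername "$host" 2>/dev/null \
        | openssl x509 -noout -issuer -subject -dates 2>/dev/null
}

# Read a summary on stdin and print its notAfter time as epoch seconds.
# Returns 2 when there is no notAfter line, e.g. the connection failed and
# the 2>/dev/null in the pipeline hid the error.
not_after_epoch() {
    local not_after
    not_after=$(sed -n 's/^notAfter=//p' | head -n 1)
    [ -n "$not_after" ] || return 2
    date -u -d "$not_after" +%s 2>/dev/null || return 2   # assumes GNU date
}

# expiry_status NOW_EPOCH WARN_DAYS < summary
# Prints "ok N", "expiring N" (N = whole days left), "expired" or "unparseable".
# Exit status: 0 ok, 1 expiring or expired, 2 no certificate data.
expiry_status() {
    local now="$1" warn="$2" end left
    end=$(not_after_epoch) || { echo "unparseable"; return 2; }
    left=$(( end - now ))
    if [ "$left" -le 0 ]; then
        echo "expired"; return 1
    elif [ "$left" -lt $(( warn * 86400 )) ]; then
        echo "expiring $(( left / 86400 ))"; return 1
    fi
    echo "ok $(( left / 86400 ))"
}

# Typical use, warning 30 days ahead (server.com is the page's placeholder host):
#   cert_summary server.com 443 | expiry_status "$(date +%s)" 30
```

The dates come from whatever certificate the server presents; `s_client` does not abort on a chain that fails verification, so this check says nothing about whether the certificate is trusted.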