{"id":2021,"date":"2014-03-07T15:45:32","date_gmt":"2014-03-07T15:45:32","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=2021"},"modified":"2014-03-07T15:46:48","modified_gmt":"2014-03-07T15:46:48","slug":"2021","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=2021","title":{"rendered":"OpenSSL Client Commands – Check the Contents of an SSL Certificate"},"content":{"rendered":"

Here are a list of useful OpenSSL commands which might be useful to use in a Bash script:<\/p>\n

Determine who issued the certificate:<\/strong>
\n$ echo | openssl s_client -connect server.com:443 2>\/dev\/null | openssl x509 -noout -issuer
\nissuer= \/C=US\/O=Company Inc\/CN=www.server.com<\/p>\n

Determine who the certificate is issued to:<\/strong>
\n$ echo | openssl s_client -connect server.com:443 2>\/dev\/null | openssl x509 -noout -subject
\nsubject= \/C=EN\/L=Horsley Surrey\/O=Google Inc\/CN=*.server.com<\/p>\n

Check validity dates:<\/strong>
\n$ echo | openssl s_client -connect server.com:443 2>\/dev\/null | openssl x509 -noout -dates
\nnotBefore=Dec 11 12:49:14 2013 GMT
\nnotAfter=Apr 10 00:00:00 2014 GMT<\/p>\n

ALL THREE AT ONCE:<\/strong>
\n$ echo | openssl s_client -connect server.com:443 2>\/dev\/null | openssl x509 -noout -issuer -subject -dates
\nissuer= \/C=US\/O=Company Inc\/CN=www.server.com
\nsubject= \/C=EN\/L=Horsley Surrey\/O=Google Inc\/CN=*.server.com
\nnotBefore=Dec 11 12:49:14 2013 GMT
\nnotAfter=Apr 10 00:00:00 2014 GMT<\/p>\n

Check the hash value:<\/strong>
\n$ echo | openssl s_client -connect server.com:443 2>\/dev\/null | openssl x509 -noout -hash
\na18bd28a<\/p>\n

Check the MD5 fingerprint:<\/strong>
\n$ echo | openssl s_client -connect server.com:443 2>\/dev\/null | openssl x509 -noout -fingerprint
\nSHA1 Fingerprint=AD:3C:56:FB:E8:C0:62:B0:FF:89:21:52:98:B1:A1:D4:94:A4:1C:84<\/p>\n

Extract ALL information from the certificate:<\/strong>
\n$ echo | openssl s_client -connect server.com:443 2>\/dev\/null | openssl x509 -noout -text<\/p>\n","protected":false},"excerpt":{"rendered":"

Here are a list of useful OpenSSL commands which might be useful to use in a Bash script: Determine who issued the certificate: $ echo | openssl s_client -connect server.com:443 2>\/dev\/null | openssl x509 -noout -issuer issuer= \/C=US\/O=Company Inc\/CN=www.server.com<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[71],"tags":[72,4,62],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2021"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2021"}],"version-history":[{"count":2,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2021\/revisions"}],"predecessor-version":[{"id":2023,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2021\/revisions\/2023"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2021"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}