How to check certificate information of web server using openssl

In this article we will see how to check certificate information of webserver using command line tool openssl

The below command will get you the valid period of the ssl certificate.

naveen@lintel:~$ echo | openssl s_client -connect www.google.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Dec 10 18:03:47 2015 GMT
notAfter=Mar  9 00:00:00 2016 GMT

To check the certificate information of web server, use the following command. Here I’m using google.com in this example

naveen@lintel:~$ echo | openssl s_client -connect  google.com:443 -showcerts

Export certificate into a file

naveen@lintel:~$ openssl s_client -connect  www.google.com:443 -showcerts < /dev/null  | openssl x509 -inform PEM  -text -out cert

If you want to extract the public key from the certificate, here is how you can do

naveen@lintel:~$ openssl s_client -connect  www.google.com:443 -showcerts < /dev/null  | openssl x509 -inform PEM  -pubkey
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcHKTjv57a9GHLxMDCCO
qW+qCh9JGYxX0QlBCTOz71oNPKlC8HzfGfx3nl0EXnOGJqUMbdLtke1+6lTKwJ8z
kArVrGvedfkpc7kV2i2g3AtD/7E+ig9sZ8hU1Rffzqt5OOMGqUKKDmC0JXh67uhY
t1GCTNsS6vIyl0qLWjoWBI2P+v7zL2VUFWnM3zLLvBWTy9tqmoFcGxHGtpmgvA0/
aBI1ZaYoojEVOEJ80jbg/67LJJalF7kbPjA0D45K4dFc82IDqIx768bbRTxxVK5j
BlVpCoj4MCCt3/HyOgKNlOB1ChHOfm54ELm4OWJC3ZMQUjzUnAX33/SLKQrv1dLe
KwIDAQAB
-----END PUBLIC KEY-----
-----BEGIN CERTIFICATE-----
MIIEgDCCA2igAwIBAgIITq9JKLrGf5EwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUxMjEwMTgwMzQ3WhcNMTYwMzA5MDAwMDAw
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3
Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVwcpO
O/ntr0YcvEwMII6pb6oKH0kZjFfRCUEJM7PvWg08qULwfN8Z/HeeXQRec4YmpQxt
0u2R7X7qVMrAnzOQCtWsa951+SlzuRXaLaDcC0P/sT6KD2xnyFTVF9/Oq3k44wap
QooOYLQleHru6Fi3UYJM2xLq8jKXSotaOhYEjY/6/vMvZVQVaczfMsu8FZPL22qa
gVwbEca2maC8DT9oEjVlpiiiMRU4QnzSNuD/rssklqUXuRs+MDQPjkrh0VzzYgOo
jHvrxttFPHFUrmMGVWkKiPgwIK3f8fI6Ao2U4HUKEc5+bngQubg5YkLdkxBSPNSc
Bfff9IspCu/V0t4rAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
A1UdDgQWBBTRV+KjkFiVN5eQP1h1Fz4F4rTwbzAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHW
eQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n
bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAQr4lzcjyBQZ5fn/Z
drUDqpN4fx8Sa6hafoGVOfWMktt003x8ylXb3Pxhgw27f6wiFFRXlX85a2F0/AnC
eoV23mHmV6/0mOwocVYt/Th96WNGGmhANkFW//HCphRWnhaOqIG6yFRQ/jxArTvZ
QJEGI5AiYHzQn7LdUM8mH1o3ifR+lX+QiAwyeU9oegdlRslI2KMoPOuOFj329NFx
Bw+XVQXMsRJITPg8pnegPmLCOjpz8y7pBxbxGnfaI66I8X4dArsaXX4r5mkfhk2e
mm7fxQ8qUaW9mKoW0XvwGxU0AwKI8OopuXHoD97vr2GSK0QNZ19A96mtTWnQ2cu2
i9qjGw==
-----END CERTIFICATE-----

 

References:
[1] Certificates and Encodings

 

Leave a Reply

Your email address will not be published. Required fields are marked *