SSL Tips and Tricks
This is a list of useful commands to see information on SSL certificates
Issuer
openssl s_client -showcerts -connect www.example.com:443 2>/dev/null | openssl x509 -noout -issuer
Subject | CN
openssl s_client -showcerts -connect www.example.com:443 2>/dev/null | openssl x509 -noout -subject
Validity date
openssl s_client -showcerts -connect www.example.com:443 2>/dev/null | openssl x509 -noout -dates
Full chain of the above
openssl s_client -showcerts -connect www.example.com:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
Full Certificate information
openssl s_client -showcerts -connect www.example.com:443
Howto check certificates local
Check for expire dates (rhel)
getcert list |grep expires
Check for a specific CA (rhel)
getcert list -c LOCAL
Fingerprint a certificate
Fingerprint with openssl
openssl x509 -in cert.crt -noout -fingerprint
SHA1 Fingerprint=4A:1B:26:1C:39:31:54:D8:7F:A3:13:5A:DC:46:31:35:69:E8:32:8B