Skip to content

Instantly share code, notes, and snippets.

@stonehippo

stonehippo/inspect_https-tls-ssl_certs.md

Last active March 25, 2025 18:53
Show Gist options
  • Save stonehippo/710faa4b307a223e469e84b2ae3db340 to your computer and use it in GitHub Desktop.
Save stonehippo/710faa4b307a223e469e84b2ae3db340 to your computer and use it in GitHub Desktop.
Download ZIP
A couple of ways to look at web server HTTPS/TLS/SSL certificate data via the command line
Raw
inspect_https-tls-ssl_certs.md

Inspecting HTTPS (TLS, SSL) certificates from the command line

I needed to inspect an HTTPS site's current certs and wanted to do it from the command line. Here are a couple of commands that I used that worked quite well.

With cURL

curl -i --verbose https://[server URL]

cURL will report come certificate information in its versbose output when connecting to an HTTPS URL.

With OpenSSL

openssl s_client -showcerts -connect [server domain name]:443

I like this method, becase OpenSSL will report a lot of details about the certificates, including the full CA chain, if available.

Some additional useful commands

Inspecting a PEM certificate

openssl x509 -in [PEM file] -text

Extracting certificate and private key from a PKCS12

I recently wanted to change the configuration on a server, moving the TLS termination from a Tomcat server to NGINX. I neeed to extract the certificate and private key from the PKCS12 store it was in. Here's how I did that:

openssl pkcs12 -in ./[pkcs12 file] -clcerts -nokeys -out public.crt
openssl pkcs12 -in ./[pkcs12 files] -nocerts -nodes -out private.rsa
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment