stonehippo · March 25, 2025 18:53 · Oct 4, 2020 · Oct 4, 2020 · Aug 29, 2020 · Aug 29, 2020
diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -5,7 +5,7 @@ I needed to inspect an HTTPS site's current certs and wanted to do it from the c
 ## With nmap
 
 ```
-nmap -p 443 --script ssl-cert
+nmap -p 443 --script ssl-cert [hostname]
 ```
 
 ## With cURL

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -2,13 +2,19 @@
 
 I needed to inspect an HTTPS site's current certs and wanted to do it from the command line. Here are a couple of commands that I used that worked quite well.
 
+## With nmap
+
+```
+nmap -p 443 --script ssl-cert
+```
+
 ## With cURL
 
 ```
 curl -vvI https://[server URL]
 ```
 
-cURL will report some certificate information in its versbose output when connecting to an HTTPS URL.
+cURL will report some certificate information in its versbose output when connecting to an HTTPS URL. *Note: it seems that recent versions of curl won't report much info on the cert.*
 
 ## With OpenSSL
 

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -5,7 +5,7 @@ I needed to inspect an HTTPS site's current certs and wanted to do it from the c
 ## With cURL
 
 ```
-curl -i --verbose https://[server URL]
+curl -vvI https://[server URL]
 ```
 
 cURL will report some certificate information in its versbose output when connecting to an HTTPS URL.

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -8,7 +8,7 @@ I needed to inspect an HTTPS site's current certs and wanted to do it from the c
 curl -i --verbose https://[server URL]
 ```
 
-cURL will report come certificate information in its versbose output when connecting to an HTTPS URL.
+cURL will report some certificate information in its versbose output when connecting to an HTTPS URL.
 
 ## With OpenSSL
 

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -29,7 +29,7 @@ openssl x509 -in [PEM file] -text
 
 ### Extracting certificate and private key from a PKCS12
 
-I recently wanted to change the configuration on an application server, moving the TLS termination from a Tomcat server to NGINX. I neeed to extract the certificate and private key from the PKCS12 store it was in. Here's how I did that:
+I recently wanted to change the configuration on an application server, moving the TLS termination from a Tomcat server to NGINX proxy. I needed to extract the certificate and private key from the original PKCS12 store. Here's how I did that:
 
 ```
 openssl pkcs12 -in ./[pkcs12 file] -clcerts -nokeys -out public.crt

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -29,7 +29,7 @@ openssl x509 -in [PEM file] -text
 
 ### Extracting certificate and private key from a PKCS12
 
-I recently wanted to change the configuration on a server, moving the TLS termination from a Tomcat server to NGINX. I neeed to extract the certificate and private key from the PKCS12 store it was in. Here's how I did that:
+I recently wanted to change the configuration on an application server, moving the TLS termination from a Tomcat server to NGINX. I neeed to extract the certificate and private key from the PKCS12 store it was in. Here's how I did that:
 
 ```
 openssl pkcs12 -in ./[pkcs12 file] -clcerts -nokeys -out public.crt

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -29,7 +29,7 @@ openssl x509 -in [PEM file] -text
 
 ### Extracting certificate and private key from a PKCS12
 
-I recently wanted to change the configuration on a server, moving the TLS termination from a Tomcat server to NGINX. I need to extract the certificate and private key from the PKCS12 store it was in. Here's how I did that:
+I recently wanted to change the configuration on a server, moving the TLS termination from a Tomcat server to NGINX. I neeed to extract the certificate and private key from the PKCS12 store it was in. Here's how I did that:
 
 ```
 openssl pkcs12 -in ./[pkcs12 file] -clcerts -nokeys -out public.crt

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -1,6 +1,6 @@
 # Inspecting HTTPS (TLS, SSL) certificates from the command line
 
-I needed to inspect an HTTPS sites current certs and wanted to do it from the command line. Here are a couple of commands that I used that worked quite well.
+I needed to inspect an HTTPS site's current certs and wanted to do it from the command line. Here are a couple of commands that I used that worked quite well.
 
 ## With cURL
 
@@ -18,7 +18,7 @@ openssl s_client -showcerts -connect [server domain name]:443
 
 I like this method, becase OpenSSL will report a lot of details about the certificates, including the full CA chain, if available.
 
-## A couple of useful commands
+## Some additional useful commands
 
 ### Inspecting a PEM certificate
 

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -20,6 +20,15 @@ I like this method, becase OpenSSL will report a lot of details about the certif
 
 ## A couple of useful commands
 
+### Inspecting a PEM certificate
+
+```
+openssl x509 -in [PEM file] -text
+```
+
+
+### Extracting certificate and private key from a PKCS12
+
 I recently wanted to change the configuration on a server, moving the TLS termination from a Tomcat server to NGINX. I need to extract the certificate and private key from the PKCS12 store it was in. Here's how I did that:
 
 ```

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -18,7 +18,7 @@ openssl s_client -showcerts -connect [server domain name]:443
 
 I like this method, becase OpenSSL will report a lot of details about the certificates, including the full CA chain, if available.
 
-## A couple of useful commandsw
+## A couple of useful commands
 
 I recently wanted to change the configuration on a server, moving the TLS termination from a Tomcat server to NGINX. I need to extract the certificate and private key from the PKCS12 store it was in. Here's how I did that:
 

diff --git a/inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs.md
@@ -16,4 +16,13 @@ cURL will report come certificate information in its versbose output when connec
 openssl s_client -showcerts -connect [server domain name]:443
 ```
 
-I like this method, becase OpenSSL will report a lot of details about the certificates, including the full CA chain, if available.
+I like this method, becase OpenSSL will report a lot of details about the certificates, including the full CA chain, if available.
+
+## A couple of useful commandsw
+
+I recently wanted to change the configuration on a server, moving the TLS termination from a Tomcat server to NGINX. I need to extract the certificate and private key from the PKCS12 store it was in. Here's how I did that:
+
+```
+openssl pkcs12 -in ./[pkcs12 file] -clcerts -nokeys -out public.crt
+openssl pkcs12 -in ./[pkcs12 files] -nocerts -nodes -out private.rsa
+```
diff --git a/inspect_https-tls-ssl_certs → inspect_https-tls-ssl_certs.md b/inspect_https-tls-ssl_certs → inspect_https-tls-ssl_certs.md
diff --git a/inspect_https-tls-ssl_certs b/inspect_https-tls-ssl_certs
@@ -0,0 +1,19 @@
+# Inspecting HTTPS (TLS, SSL) certificates from the command line
+
+I needed to inspect an HTTPS sites current certs and wanted to do it from the command line. Here are a couple of commands that I used that worked quite well.
+
+## With cURL
+
+```
+curl -i --verbose https://[server URL]
+```
+
+cURL will report come certificate information in its versbose output when connecting to an HTTPS URL.
+
+## With OpenSSL
+
+```
+openssl s_client -showcerts -connect [server domain name]:443
+```
+
+I like this method, becase OpenSSL will report a lot of details about the certificates, including the full CA chain, if available.