Retrieving SSL Certificates from Servers
This might be common knowledge in the web development community, but today I am going to show you a quick trick to retrieve SSL certificates from servers.
This should work out of the box on Linux machines. On macOS and Windows, a recent version of OpenSSL needs to be installed.
Mac Install
macOS comes with OpenSSL, but it's a prehistorically deprecated version, so a newer one is required. Beware that this brew version of OpenSSL is keg-only, which means it will not be symlinked into /usr/local. You can either call it from its installation path or add it to your PATH.
To install a current OpenSSL on the Mac, use brew:
brew install openssl
To execute it without adding it to your PATH, use:
/usr/local/Cellar/openssl/<VERSION>/bin/openssl
Where <VERSION> is the currently installed version. At the time of writing that is 1.0.2s, so the command would be:
/usr/local/Cellar/openssl/1.0.2s/bin/openssl
Windows Install
Download the setup program and install it: https://sourceforge.net/projects/openssl/
Retrieve SSL Certificates
To read the SSL certificates off a server, issue the following command:
openssl s_client -showcerts -servername <SERVER> -connect <SERVER>:<PORT> < /dev/null
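Where <SERVER> is the domain name of the server you are retrieving the certificate from and <PORT> is the connection port, usually 443. The -servername option sends that name in the TLS SNI extension, so a server hosting several sites returns the matching certificate, and < /dev/null closes standard input so the command exits once the handshake is done.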
So to obtain the certificate for this website you would issue this:
openssl s_client -showcerts -servername mteam7.com -connect mteam7.com:443 < /dev/null
Reply From the Server
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mteam7.com
verify return:1
---
Certificate chain
0 s:/CN=mteam7.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgISA9yN5crmT14jp7xxsmiFXTw0MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA2MDQyMTQ5MDdaFw0x
OTA5MDIyMTQ5MDdaMBUxEzARBgNVBAMTCm10ZWFtNy5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDIOMsh+SQgD28RjR0ZA63DS0DobiXmhVdsoj0Y
XN5T94A2/df/jT7DNlgI+omq73D0lh6SoKPQkSRPz3VIsIc1qlMKBkej2feO2+T0
OtkqTP1ST4Rrsqs8cVajeuJQxeAMLkDnLoa/cfzHDgssyKFcy/Von0ZL3vHPTnnt
NNo0EdYYltH94S02A6rtgFCBewQt7bTjPFr9S9187GuNzE+4WibGOvY/6j3Z+9C8
4/DpshiT8KLUx47+jqM74L+w2clwtA70wuDC5rOB/KJE1Zwp3uxmvmNMPlY31Y9h
B/Cv1RS/t5TUEacn+iWoIKvq6A8e/h321jFU0OVIStte30r/AgMBAAGjggKWMIIC
kjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHM+usAfOGekBTsc+Q/wJ3vsK/ozMB8G
A1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAu
BggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAv
BggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w
TAYDVR0RBEUwQ4IRbWFjaW1nLm10ZWFtNy5jb22CCm10ZWFtNy5jb22CEndlYm1h
aWwubXRlYW03LmNvbYIOd3d3Lm10ZWFtNy5jb20wTAYDVR0gBEUwQzAIBgZngQwB
AgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRz
ZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgB0ftqDMa0zEJEh
nM4lT0Jwwr/9XkIgCMY3NXnmEHvMVgAAAWskro2QAAAEAwBHMEUCIQDc+Xhlm/Mj
ONsZB5Ge+5wzi47pkGiL+ahjCD7Sb11c1QIgLDp1QbkPQj3tLJsG51ltv9Q3iYc5
dZPTKwzzq/e47egAdgBj8tvN6DvMLM8LcoQnV2szpI1hd4+9daY4scdoVEvYjQAA
AWskro1TAAAEAwBHMEUCIQCdhN0Rt42xTy/lb7HF7anW6Zvf/U0qN3sqkG6xdZIF
mwIgCCMNk7sY58rvTq7RNszfSG1JCATuuyiJNQrh8af33dAwDQYJKoZIhvcNAQEL
BQADggEBACLPow5Z0gudGE42k/9HnF/4n2qEDN/BPdV+Xy/A3mTFQB4Wax6h9FZL
UgOuhknJZhjIJpMq7LvpIToFrsO86d3ZhB0DvgeguRZGe63oMgQKPrrJNg5PEmNh
UQtLuI4ZGgDlLKzTPtWRBa+bDzedIlnI5M38LmlQRG+APyqMKBMSmsE2paEG/we+
/CyW7Skyp7vA4JwnwLaQ3nJrsmtwRNBFSsbm/A04jQ9/yHO58Z8M+xXP49QfTNaL
yzR+vkaRw0ekTPCFgjxpj2AF+u4v9JGvGpVEA1jlAVoyt2wwmB77+66encrbN+rb
gPzMmohLQmgx6j3zmcUfCYuqr8InZdk=
-----END CERTIFICATE-----
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=mteam7.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3303 bytes and written 452 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 182E47CE260E83F35F2C1C2D436FAA491A9A72BBBCD2928AF7F9BF1AECBB0DF1
Session-ID-ctx:
Master-Key: A92B90ABA431D453C05D6FEC8B8575AD550E923815D1062CADFCABA9AFD55BFAC0EE5010110E7B9A335282AB3DFB6BBE
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 3a 51 bc 09 f9 84 27 5e-8e b4 c7 fa 9f f3 59 37 :Q....'^......Y7
0010 - 62 33 55 e7 4e 2d 0d f7-45 5d a0 bf af c1 a3 34 b3U.N-..E].....4
0020 - 13 ab e2 8c bf c8 2d da-0b 58 98 49 78 d7 ae 88 ......-..X.Ix...
0030 - 74 e2 bb 78 0b 63 ae 65-6a 80 d2 4b 30 b8 25 11 t..x.c.ej..K0.%.
0040 - fa 86 28 4a de dc 29 8a-ea 4e 80 74 6d 6b 2f 28 ..(J..)..N.tmk/(
0050 - be dc f6 b2 78 c9 71 83-a5 0d ca 2c da ef 81 3a ....x.q....,...:
0060 - af aa a1 7c 5c 1d 14 87-0f a4 b9 5d 38 5f ce 2b ...|\......]8_.+
0070 - 64 68 f2 24 60 9d 46 5c-5e 87 4d 16 1e 3b d3 ca dh.$`.F\^.M..;..
0080 - f3 03 32 37 01 1c 23 b1-ea 04 39 3c 52 a7 1f 92 ..27..#...9aR...
0090 - f1 c8 b5 8b 11 cb 6a 6b-98 ae f6 88 6e 60 f3 fd ......jk....n`..
00a0 - b7 7e 88 c3 e4 f2 6d aa-c4 5a de 1f 6c b6 28 8a .~....m..Z..l.(.
00b0 - d3 2f eb 42 ab 91 db d1-33 02 c7 48 63 71 d0 e5 ./.B....3..Hcq..
00c0 - 67 67 22 2b b0 a6 51 00-12 22 c1 93 92 b9 8f 02 gg"+..Q.."......
Start Time: 1565395712
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
The Certificate
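Each block between the BEGIN CERTIFICATE and END CERTIFICATE markers in the reply is one certificate: number 0 is the server's own and the rest are the chain it sent. The shell functions below are an added example, not part of the original article: they split a saved reply into one file per certificate and read the "Verify return code" line, because s_client prints the certificates even when verification fails. The function names and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample reply; the PEM bodies are placeholders, not real certificates.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=example.test
   i:/CN=Example Intermediate
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAFBODY
-----END CERTIFICATE-----
 1 s:/CN=Example Intermediate
   i:/CN=Example Root
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATEBODY
-----END CERTIFICATE-----
---
    Verify return code: 10 (certificate has expired)
---
EOF
}

# Write each PEM block on stdin to <prefix>-<n>.pem (0 = server certificate,
# 1 and up = the chain the server sent) and print how many blocks were found.
split_chain() {
    awk -v prefix="$1" '
        { sub(/\r$/, "") }   # tolerate captures saved with CRLF line endings
        /^-----BEGIN CERTIFICATE-----/ { out = sprintf("%s-%d.pem", prefix, n); inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----/ && inside { close(out); n++; inside = 0 }
        END { print n + 0 }'
}

# Print the numeric verification result (the last one, as the line can repeat).
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Split the chain and succeed only if s_client reported verify code 0.
check_saved_output() {
    count=$(split_chain "$2" < "$1")
    code=$(verify_code < "$1")
    echo "certificates=$count verify_code=${code:-missing}"
    [ "$code" = "0" ]
}

# Show who a certificate was issued to and by, its validity and fingerprint.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}
```

To use it on a real server, redirect the s_client command's output to a file and pass that file and an output prefix to check_saved_output. describe_cert then summarises each extracted file.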