openssl

get information / certificate from remote host

openssl s_client -connect example.com:443

view certificate ... locally

openssl x509 -in cert.pem -text

extract certificates

without SNI:

openssl s_client -connect example.com:443 -showcerts

with SNI:

openssl s_client -servername example.com -connect example.com:443 2>/dev/null </dev/null |  openssl x509 -outform pem

extract fingerprint

openssl s_client -connect example.com:443|openssl x509 -fingerprint -noout

remove password / passphrase from certificate

openssl rsa -in name.key -out name.key

display subject / common name

openssl x509 -noout -subject -in name.crt

subject= /CN=foo.example.com