Skip to content

openssl

read certificate

remote host:

openssl s_client -connect example.com:443

from file:

openssl x509 -in cert.pem -text

extract certificates

without SNI:

openssl s_client -connect example.com:443 -showcerts

with SNI:

openssl s_client -servername example.com -connect example.com:443 2>/dev/null </dev/null |  openssl x509 -outform pem

display public key size

openssl s_client -connect google.com:443 </dev/null 2>/dev/null | openssl x509 -text -noout | grep -i "public-key"

extract fingerprint

openssl s_client -connect example.com:443|openssl x509 -fingerprint -noout

remove password / passphrase from certificate

openssl rsa -in name.key -out name.key

display subject / common name

openssl x509 -noout -subject -in name.crt

subject= /CN=foo.example.com