Skip to content


get information / certificate from remote host

openssl s_client -connect

view certificate ... locally

openssl x509 -in cert.pem -text

extract certificates

without SNI:

openssl s_client -connect -showcerts

with SNI:

openssl s_client -servername -connect 2>/dev/null </dev/null |  openssl x509 -outform pem

extract fingerprint

openssl s_client -connect|openssl x509 -fingerprint -noout

remove password / passphrase from certificate

openssl rsa -in name.key -out name.key

display subject / common name

openssl x509 -noout -subject -in name.crt

subject= /