Linux: How to Display the SSL Certificate of a Remote Server URL

Command:

server=test.kimconnect.com
echo | openssl s_client -showcerts -servername $server -connect $server:443 2>/dev/null | openssl x509 -inform pem -noout -text
kim@kimlinux:~$ echo | openssl s_client -showcerts -servername test.kimconnect.com -connect test.kimconnect.com:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
        Validity
            Not Before: Aug 15 00:00:00 2020 GMT
            Not After : Aug 15 12:00:00 2021 GMT
        Subject: C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:
            X509v3 Subject Key Identifier: 
            X509v3 Subject Alternative Name: 
                DNS:sni.cloudflaressl.com, DNS:*.kimconnect.com, DNS:kimconnect.com
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl
                Full Name:
                  URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2
            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 
                    Timestamp : Aug 15 10:43:23.137 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 
                    Timestamp : Aug 15 10:43:23.189 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256                                
    Signature Algorithm: ecdsa-with-SHA256

Leave a Reply

Your email address will not be published. Required fields are marked *