$ openssl s_client -connect unblog.ch:443 -showcerts An encrypted connection to unblog.ch is established and then the Web page is retrieved. If individual tests are to be performed, the following examples show how to do this. The evaluation shows which encryption methods and key exchange methods have been used. The free online service SSL Labs provide deep analysis of the configuration of any SSL web server that can be performed, the connection is performed with many different browsers and displayed, and which encryption has been achieved. This article shows how to perform the usage of OpenSSL for verification and analysis, when accessing web servers via TCP port 443 and STARTTLS over TCP 587 or IMAPS TCP 993 to mail server, which requires OpenSSL on the computer. Info: Run man x509 to see the all available options.OpenSSL can be used in many ways, so not only keys and certificates for SSL/TLS encrypted connections can be generated, but also their analysis and testing is possible. Prints out the digest of the DER encoded version of the whole certificate. Prints out the start and expiry dates of a certificate. Prevents output of the encoded version of the request. MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDĮxpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAzMTgxMDU1MDBaFw0x MIIFGDCCBACgAwIBAgISA4b0Yz00UKhHzPeZEB95HCHIMA0GCSqGSIb3DQEBCwUA Show the SSL certificate itself (encoded): $ echo | openssl s_client -servername -connect :443 2>/dev/null | openssl x509 Signature Algorithm: sha256WithRSAEncryption Show the SHA1 fingerprint of the SSL certificate: $ echo | openssl s_client -servername -connect 2>/dev/null | openssl x509 -noout -fingerprint Subject= /CN=notBefore=Mar 18 10:55:00 2017 GMTĬool Tip: You can also decode an SSL certificate file if you have it locally, using the openssl utility from the Linux command-line! Read more → Show the all above information about the SSL certificate, at once: $ echo | openssl s_client -servername -connect :443 2>/dev/null | openssl x509 -noout -issuer -subject -dates Subject= /CN=Check for what dates the SSL certificate is valid: $ echo | openssl s_client -servername -connect :443 2>/dev/null | openssl x509 -noout -dates Issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3Ĭheck whom the SSL certificate is issued to: $ echo | openssl s_client -servername -connect :443 2>/dev/null | openssl x509 -noout -subject OpenSSL: Check SSL Certificate – Additional Informationīesides of the validity dates, an SSL certificate contains other interesting information.Įach SSL certificate contains the information about who has issued the certificate, whom is it issued to, already mentioned validity dates, SSL certificate’s SHA1 fingerprint and some other data.Īll these data can retrieved from a website’s SSL certificate using the openssl utility from the command-line in Linux.Ĭheck who has issued the SSL certificate: $ echo | openssl s_client -servername -connect :443 2>/dev/null | openssl x509 -noout -issuer Info: Run man s_client to see the all available options.Īs an example, let’s use the openssl to check the SSL certificate expiration date of the website: $ echo | openssl s_client -servername -connect 2>/dev/null | openssl x509 -noout -dates The TLS SNI (Server Name Indication) extension (website). Run the following one-liner from the Linux command-line to check the SSL certificate expiration date, using the openssl: $ echo | openssl s_client -servername NAME -connect HOST: PORT 2>/dev/null | openssl x509 -noout -dates Linux users can easily check an SSL certificate from the Linux command-line, using the openssl utility, that can connect to a remote website over HTTPS, decode an SSL certificate and retrieve the all required data.Ĭool Tip: If your SSL certificate expires soon – you will need to generate a new CSR! In Linux this can be easily done with a simple one-liner! Read more → Check SSL Certificate Expiration Date From this article you will learn how to connect to a website over HTTPS and check its SSL certificate expiration date from the Linux command-line.īesides of validity dates, i’ll show how to view who has issued an SSL certificate, whom is it issued to, its SHA1 fingerprint and the other useful information.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |