Home / server / Questions / 129503
In Process
Jim
Asked: 2010-04-06 12:00:13 +0800 CST

Save Remote SSL Certificate via Linux Command Line

  • 772

Can you think of any linux command-line method for saving the certificate presented by a HTTPS server? Something along the lines of having curl/wget/openssl make a SSL connection and save the cert rather than the HTTP response content.

The gui equivalent to what I'm looking for would be to browse to the HTTPS site, double-click on the browser "secure site" icon, and export the cert. Except the goal here is to do it non-interactively.

Thanks, Jim

linux ssl https ssl-certificate x509

2 Answers

  1. Something like:

    openssl s_client -servername remote.server.net -connect remote.server.net:443 </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >/path/to/certificate.pem

    That's what I use with fetchmail to retrieve the certificate of an SSL capable IMAP or POP3 server (except obviously I don't use port 443)

    (Note that "redundant" -servername parameter is necessary to make openssl do a request with SNI support.)

    • 45

  2. From http://www.madboa.com/geek/openssl/#cert-retrieve

    #!/bin/sh
#
# usage: retrieve-cert.sh remote.host.name [port]
#
REMHOST=$1
REMPORT=${2:-443}

echo |\
openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
    • 9