The OpenSSL command to download the certificate from a website is as follows:
echo -n | openssl s_client -connect $HOST:$PORTNUMBER -servername $SERVERNAME \
| openssl x509 > $SERVERNAME.cert
A simple example that downloads the certificate from google.com:
echo -n | openssl s_client -connect google.com:443 -servername google.com \
| openssl x509 > certificate.cert
Where,
echo -n produces an empty message to the server, so the connection is made successfully and s_client does not wait for further input.
The -servername option is required to select the correct certificate when the website is hosted on a server whose IP address is shared among different domains, that is, in the case of SNI.
The -showcerts option downloads all the certificates in the chain; use it if you want to see or download all of them. It is not required if you are looking for only the server certificate.
Piping the output to the command “openssl x509” removes the intermediate certs and also the connection details.
To display all intermediate certificates, use the option “-showcerts”:
echo -n | openssl s_client -connect getkt.com:443 -servername getkt.com -showcerts
To extract just the public key from the certificate of a website, use the command openssl x509 with the -pubkey option:
echo -n | openssl s_client -connect getkt.com:443 -servername getkt.com | openssl x509 -pubkey -noout
To save the public key into a file:
echo -n | openssl s_client -connect getkt.com:443 -servername getkt.com | openssl x509 -pubkey -noout > getkt_com.pub
Replace what is in bold with the targeted domain or host.
Download certificate using gnutls
gnutls-cli --print-cert www.example.com \
< /dev/null \
> www_example_com.certs
Display certificate details using curl with the --verbose option
curl --verbose https://www.example.com
To discard the body and progress and print only the headers and certificate information:
curl --verbose https://getkt.com -o/dev/null -s -D/dev/stdout
Where,
-s hides the progress
-o sends the body to the null device
-D dumps the header information to stdout
Using Python to download and print the certificate from the command line
python -c "import ssl; print(ssl.get_server_certificate(('www.getkt.com', 443)))"
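The same code written out as a script is shown below. Note that ssl.get_server_certificate does not validate the certificate unless the ca_certs argument is given.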
import ssl
cert = ssl.get_server_certificate(('www.getkt.com', 443))
print(cert)
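Because “openssl x509” keeps only the first certificate, saving every certificate that -showcerts prints means splitting the output yourself. The Python script below is an added example, not part of the original post: it splits s_client -showcerts output into one PEM file per certificate and prints each SHA-256 fingerprint. The function names, the output file naming and the sample text (with placeholder payloads) are assumptions made for illustration.

```python
import hashlib
import re
import ssl
import sys

# One PEM certificate block; the text s_client prints around it is ignored.
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

# Constructed sample shaped like `s_client -showcerts` output. The base64
# payloads are placeholders (the bytes "abc" and "def"), not real certificates.
SAMPLE = """CONNECTED(00000003)
---
Certificate chain
 0 s:CN = www.example.com
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
ZGVm
-----END CERTIFICATE-----
---
"""

def split_pem_chain(text):
    """Return each distinct PEM block in text, in the order it appears."""
    return list(dict.fromkeys(m.group(0) + "\n" for m in PEM_BLOCK.finditer(text)))

def fingerprint_sha256(pem):
    """SHA-256 of the DER bytes as colon-separated upper-case hex pairs."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def save_chain(text, prefix):
    """Write each block to prefix.N.pem (0 = server) and return [(path, fingerprint)]."""
    saved = []
    for index, pem in enumerate(split_pem_chain(text)):
        path = f"{prefix}.{index}.pem"
        with open(path, "w") as handle:
            handle.write(pem)
        saved.append((path, fingerprint_sha256(pem)))
    return saved

if __name__ == "__main__":
    # echo -n | openssl s_client -connect HOST:443 -servername HOST -showcerts | python split_chain.py HOST
    # Without piped input, the constructed SAMPLE is used instead.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for path, fingerprint in save_chain(text, sys.argv[1] if len(sys.argv) > 1 else "chain"):
        print(path, fingerprint)
```

Each printed fingerprint can be compared with the output of openssl x509 -in FILE -noout -fingerprint -sha256 for the saved file.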