How to download a certificate from a website on the command line

The OpenSSL command to download a certificate from a website is as follows:

echo -n | openssl s_client -connect $HOST:$PORTNUMBER -servername $SERVERNAME \
    | openssl x509 > $SERVERNAME.cert

A simple example that downloads the certificate from google.com:

echo -n | openssl s_client -connect google.com:443 -servername google.com \
    | openssl x509 > certificate.cert

Where,

echo -n sends an empty message to s_client's standard input, so the connection is made and the command then exits instead of waiting for input.

The -servername option is required to select the correct certificate when the website is hosted on a server whose IP address is shared among different domains, that is, when SNI is in use.

The -showcerts option downloads all the certificates in the chain; use it if you want to see or download every certificate in the chain.
It is not required to specify -showcerts if you are looking for only the server certificate.

Piping the output to the command "openssl x509" removes the intermediate certs and also the connection details.

To display all intermediate certificates, use the option "-showcerts":

echo -n | openssl s_client -connect getkt.com:443 -servername getkt.com -showcerts

To extract just the public key from the certificate of a website, use the command openssl x509 with the -pubkey option:

echo -n | openssl s_client -connect getkt.com:443 -servername getkt.com  | openssl x509 -pubkey  -noout

To save the public key into a file:

echo -n | openssl s_client -connect getkt.com:443 -servername getkt.com  | openssl x509 -pubkey  -noout > getkt_com.pub

Replace the domain name in the commands above with the target domain or host.

Download certificate using gnutls

gnutls-cli --print-cert www.example.com \
        < /dev/null \
        > www_example_com.certs

Display certificate details using curl with the --verbose option

curl --verbose https://www.example.com

To discard the body and progress output and print only the headers and certificate information:

curl --verbose https://getkt.com  -o/dev/null -s -D/dev/stdout

Where,

-s hides the progress output

-o sends the body to the null device

-D dumps the header information to stdout

Using Python to download and print the certificate from the command line

python -c "import ssl; print(ssl.get_server_certificate(('www.getkt.com', 443)))"

The same code written out in a more descriptive manner:

import ssl 
cert = ssl.get_server_certificate(('www.getkt.com', 443))
print(cert)
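Neither openssl s_client nor ssl.get_server_certificate rejects an untrusted certificate by default, so a downloaded certificate is worth comparing against a fingerprint obtained out of band. The following added example (not part of the original article) splits "-showcerts" output into individual certificates and computes the SHA-256 fingerprint of each. The sample output and its certificate payloads are constructed placeholders, and the function names are this example's own.

```python
import hashlib
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def split_chain(s_client_output):
    """Return every PEM block in `s_client -showcerts` output, leaf first."""
    return PEM_BLOCK.findall(s_client_output)

def sha256_fingerprint(pem):
    """SHA-256 over the DER bytes, formatted like `openssl x509 -fingerprint`."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_pin(pem, pinned):
    """Compare with a fingerprint obtained out of band; case and colons ignored."""
    clean = lambda s: s.replace(":", "").lower()
    return hmac.compare_digest(clean(sha256_fingerprint(pem)), clean(pinned))

# Constructed stand-ins for DER bytes (not real certificates), wrapped as PEM.
SAMPLE_LEAF_DER = b"constructed leaf certificate bytes"
SAMPLE_INTERMEDIATE_DER = b"constructed intermediate certificate bytes"
# Constructed text in the shape of `openssl s_client -showcerts` output.
SAMPLE_OUTPUT = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:CN = www.example.test\n   i:CN = Example Test Intermediate\n"
    + ssl.DER_cert_to_PEM_cert(SAMPLE_LEAF_DER)
    + " 1 s:CN = Example Test Intermediate\n   i:CN = Example Test Root\n"
    + ssl.DER_cert_to_PEM_cert(SAMPLE_INTERMEDIATE_DER)
    + "---\nServer certificate\nsubject=CN = www.example.test\n"
)

if __name__ == "__main__":
    # Print the position in the chain and the fingerprint of each certificate.
    for index, pem in enumerate(split_chain(SAMPLE_OUTPUT)):
        print(index, sha256_fingerprint(pem))
```

With real output saved from the "-showcerts" command, the first fingerprint is the value to compare with the one published by the site operator.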
neotam
Naveen T aka neotam. Programming language agnostic, Software architect, Python expert, Networking & DevOps engineer & consultant with 7+ years of experience in creating serious web applications, real time event-driven non blocking applications and database driven applications ranging from small scale to enterprise grade.