Command line tool for fetching and analyzing SSL certificate

Question

Following the heartbleed vulnerability in openSSL, all the SSH certificate on our servers were re-issued and re-installed.

Since it is likely that we've missed something on a server (for example, restarting Apache), we are checking the servers manually by clicking the key logo in Chrome:

enter image description here

This is slow and error prone. Is there a command line tool that can fetch the certificate ID/Serial number from a server?

Update

I ended up using a variation on MichelZ's answer:

echo "" | openssl s_client -showcerts -status -verify 0 \
        -connect www.mydomain.com:443 2>&1 | \
        egrep "Verify return|subject=/serial"

echo is necessary for openssl to exit (it waits for input otherwise).
-verify 0 verifies the certificate.
2>&1 redirects standard error to standard output
egrep shows only the validation status and the serial number.

don't forget to use `-servername` for `SNI` (server name indication) when you have multiple vhosts. — minusf, Mar 06 '19 at 14:16

MichelZ · Accepted Answer · 2014-04-17T11:26:18.967

16

You can use OpenSSL to retrieve the certificate:

openssl s_client -showcerts -connect some_server:server_port

edited Apr 17 '14 at 11:26

answered Apr 17 '14 at 10:57

MichelZ

11,008
4
30
58

Great, thanks. I've adapted your answer to my needs and it works perfectly. Thanks! – Adam Matan Apr 17 '14 at 11:46

Command line tool for fetching and analyzing SSL certificate

1 Answers1