6

I would appreciate it if someone could point me to how to extract an X.509 certificate from live network traffic automatically, during the handshake phase between client and server, on Linux.

A similar question was asked quite some time back, Extracting SSL certificates from the network or pcap files, but the answer was incomplete.

The answer says to use the following command:

ssldump -Nr file.pcap | awk 'BEGIN {c=0;} { if ($0 ~ /^[ ]+Certificate$/) {c=1; print "========================================";} if ($0 !~ /^ +/ ) {c=0;} if (c==1) print $0; }'

But it is intended for manual extraction of the certificate, because it works on a pcap file.

Can anyone help by either modifying the above command to suit my requirement or suggesting an alternative method to do the same?

Prasanth
  • 61
  • 1

1 Answer

2

Are you trying to specifically extract it from a packet capture, or are you wanting to just grab the cert from the command line during the handshake?

If you just need to grab the cert itself, you can do the following:

echo | openssl s_client -connect sub.domain.tld:443 | openssl x509 -noout -text

If you run the command without piping back to openssl, then you can see a lot more details about the certificate, but the second openssl command extracts the certificate itself.

The echo pipe is required in order for the OpenSSL shell to exit cleanly in order to return to your Bash prompt.

This will obviously write everything to STDOUT. If you want to save the certificate, you will need to redirect to a file by ending the command with > filename.crt. If there are any errors in the certificate chain, they will not end up in the file, but will instead be written to STDERR.

rubynorails
  • 369
  • 3
  • 14
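The answer above fetches the certificate by opening a connection of your own; the question asks for the other case, pulling the Certificate message out of traffic that is already on the wire. As an added example (not part of the original question or answer), the following Python does the parsing half of what ssldump does: it walks TLS records, reassembles handshake messages that are fragmented across records, and returns the DER certificates from every Certificate message, leaf first. It is TLS 1.2-only by design: in TLS 1.3 the Certificate message is sent encrypted, so passive extraction from a capture is not possible and you are back to the openssl s_client approach. `fetch_leaf_certificate` is the live counterpart of the answer's command, using the standard-library `ssl.get_server_certificate`. `build_sample_stream`, `SAMPLE_LEAF` and `SAMPLE_ISSUER` are constructed here to make the example run offline; the DER blobs are placeholders, not real certificates. To use it on live traffic, feed it the server-to-client byte stream (from a raw socket, a pcap reader, or the output of a TCP stream reassembler) in place of the sample.

```python
"""Extract the server Certificate message from a TLS 1.2 handshake byte stream."""
import base64
import ssl
import struct

TLS_CHANGE_CIPHER_SPEC = 0x14   # record content type: everything after it is encrypted
TLS_HANDSHAKE = 0x16            # record content type: handshake
HS_SERVER_HELLO = 0x02          # handshake message type
HS_CERTIFICATE = 0x0B           # handshake message type "Certificate"


def tls_records(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record in the stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if pos + 5 + length > len(stream):
            break  # truncated record: stop rather than misparse what follows
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length


def handshake_messages(stream: bytes):
    """Yield (type, body) for each plaintext handshake message, reassembling fragments.

    Handshake messages may span several records, so the handshake payloads are
    joined before parsing. Parsing stops at ChangeCipherSpec because the
    Finished message after it is encrypted and would not parse.
    """
    parts = []
    for ctype, payload in tls_records(stream):
        if ctype == TLS_CHANGE_CIPHER_SPEC:
            break
        if ctype == TLS_HANDSHAKE:
            parts.append(payload)
    buf = b"".join(parts)
    pos = 0
    while pos + 4 <= len(buf):
        htype = buf[pos]
        hlen = int.from_bytes(buf[pos + 1:pos + 4], "big")
        body = buf[pos + 4:pos + 4 + hlen]
        if len(body) < hlen:
            break  # message cut off; nothing more to extract
        yield htype, body
        pos += 4 + hlen


def extract_certificates(stream: bytes) -> list[bytes]:
    """Return the DER certificates (leaf first) from every Certificate message."""
    certs = []
    for htype, body in handshake_messages(stream):
        if htype != HS_CERTIFICATE:
            continue
        total = int.from_bytes(body[0:3], "big")   # certificate_list length
        pos, end = 3, 3 + total
        while pos + 3 <= end:
            clen = int.from_bytes(body[pos:pos + 3], "big")
            certs.append(body[pos + 3:pos + 3 + clen])
            pos += 3 + clen
    return certs


def der_to_pem(der: bytes) -> str:
    """Wrap a DER certificate in the PEM armour openssl x509 expects."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def fetch_leaf_certificate(host: str, port: int = 443) -> str:
    """Live equivalent of `echo | openssl s_client -connect host:port`: leaf cert as PEM."""
    return ssl.get_server_certificate((host, port))


# --- constructed sample stream (assumption: placeholder DER, not real certificates) ---
def _u24(n: int) -> bytes:
    return n.to_bytes(3, "big")


SAMPLE_LEAF = b"\x30\x82\x01\x00" + b"\x41" * 60     # placeholder DER, leaf
SAMPLE_ISSUER = b"\x30\x82\x00\x80" + b"\x42" * 40   # placeholder DER, issuer


def build_sample_stream() -> bytes:
    """ServerHello + Certificate split across two records, then ChangeCipherSpec."""
    entries = b"".join(_u24(len(c)) + c for c in (SAMPLE_LEAF, SAMPLE_ISSUER))
    cert_msg = bytes([HS_CERTIFICATE]) + _u24(3 + len(entries)) + _u24(len(entries)) + entries
    # ServerHello body: version(2) + random(32) + session_id_len(1) + cipher(2) + compression(1)
    hello_body = b"\x03\x03" + b"\x00" * 32 + b"\x00" + b"\xc0\x2f" + b"\x00"
    server_hello = bytes([HS_SERVER_HELLO]) + _u24(len(hello_body)) + hello_body
    handshake = server_hello + cert_msg
    split = len(server_hello) + 7   # cut inside the Certificate message to force reassembly

    def record(ctype: int, payload: bytes) -> bytes:
        return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

    return (record(TLS_HANDSHAKE, handshake[:split])
            + record(TLS_HANDSHAKE, handshake[split:])
            + record(TLS_CHANGE_CIPHER_SPEC, b"\x01"))


if __name__ == "__main__":
    for der in extract_certificates(build_sample_stream()):
        print(der_to_pem(der))
```

Each PEM block the script prints can be piped straight into `openssl x509 -noout -text`, the same second stage the answer uses. The cut at `split` deliberately lands inside the Certificate message so the sample exercises the record reassembly; ssldump does the same joining internally, which is why the awk filter in the question works at all.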