Mind Dump, Tech And Life Blog
written by Ivan Alenko
published under license Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) copy! share!
posted in category Digital Despotism / Linux
posted at 10. Feb '18

Ultimate Certificate Cheatsheet

Default Certificate the Server Sends

  • press CTRL+C or CTRL+D to end

openssl s_client -connect myrtana.sk:443

Get a Certificate For Hostname (SNI)

openssl s_client -connect myrtana.sk:443 -servername myrtana.sk

Get Certificate and List Whole Certificate Chain

openssl s_client -connect myrtana.sk:443 -servername myrtana.sk -showcerts

Save Certificate to File

  • The OpenSSL, Ruby and Python alternatives each extract the BEGIN CERTIFICATE..END CERTIFICATE block

openssl s_client -connect myrtana.sk:443 < /dev/null | openssl x509 > myrtanacert.pem

openssl s_client -connect myrtana.sk:443 < /dev/null | ruby -e "puts STDIN.read.match(/(-----BEGIN CERTIFICATE.*END CERTIFICATE-----)/m)[1]" > myrtanacert.pem

openssl s_client -connect myrtana.sk:443 < /dev/null | python -c "import sys,re;p=re.compile(r'.*(-----BEGIN CERTIFICATE.*END CERTIFICATE-----)', re.DOTALL);print(p.match(sys.stdin.read()).group(1))" > myrtanacert.pem
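
The patterns above are greedy, so on -showcerts output (several BEGIN/END blocks with subject and issuer lines between them) they would also capture the text between certificates. The following is an added example, not part of the original post, that writes each certificate of the chain to its own file; the names split_chain, sample_output and cert-N.pem are assumptions, and the sample input is constructed.

```shell
# Added example (not from the original post): split `openssl s_client -showcerts`
# output into one PEM file per certificate. split_chain and cert-N.pem are
# hypothetical names chosen for this example.
split_chain() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Buffer each block and write it only once its END line is seen, so a
    # truncated block never leaves a partial file behind.
    count=$(awk -v dir="$dir" '
        /^-----BEGIN CERTIFICATE-----$/ { buf = ""; inside = 1 }
        inside { buf = buf $0 "\n" }
        inside && /^-----END CERTIFICATE-----$/ {
            out = sprintf("%s/cert-%d.pem", dir, n++)
            printf "%s", buf > out
            close(out)
            inside = 0
        }
        END { print n + 0 }
    ')
    echo "$count"            # number of certificates written, leaf first
    [ "$count" -gt 0 ]       # non-zero status when no certificate was found
}

# Constructed sample shaped like s_client output; the bodies are placeholders,
# not real certificates.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = example.test
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFBODY0000
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDINTERMEDIATEBODY0000
-----END CERTIFICATE-----
---
EOF
}

demo_dir=$(mktemp -d)
sample_output | split_chain "$demo_dir"   # prints 2
# Real use: openssl s_client -connect myrtana.sk:443 -servername myrtana.sk -showcerts < /dev/null | split_chain chain
```

A non-zero exit status means no certificate was found, which catches a failed connection that would otherwise leave an empty .pem file.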

Show Information From Certificate

cat myrtanacert.pem | openssl x509 -noout -text

Brief Information About TLS/SSL Connection

openssl s_client -connect myrtana.sk:443 -servername myrtana.sk -brief

TODO

Validate a Certificate Against System Trust

OpenSSL (brew)

MacOS/OSX keyring

OpenSSL (Linux)

OpenSSL (GNU TLS)

Validate a Certificate Against a Custom CA Root Certificate

Add a Custom CA Root Certificate

OpenSSL (brew)

MacOS/OSX keyring

OpenSSL (Linux)

OpenSSL (GNU TLS)
