How to retrieve additional information from an SSL Certificate?

In one of our former posts, we posted on how to check SSL certificate expiration Date from command line.

How can we retrieve additional info from an SSL Certificate? We will show some examples here.

Who issued the certificate?

$ echo | openssl s_client -connect ele.me:443 2>/dev/null | openssl x509 -noout -issuer
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G2

To whom was the certificate issued?

$ echo | openssl s_client -connect ele.me:443 2>/dev/null | openssl x509 -noout -subject
subject= /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com

For what dates is the certificate valid?

$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Sep 29 18:49:39 2015 GMT
notAfter=Dec 28 00:00:00 2015 GMT

For the above, all at once:

$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
issuer= /C=US/O=Google Inc/CN=Google Internet Authority G2
subject= /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
notBefore=Sep 29 18:49:39 2015 GMT
notAfter=Dec 28 00:00:00 2015 GMT

What’s the hash value?

$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -hash
74e6cf7e

What is its MD5 fingerprint?

$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -fingerprint
SHA1 Fingerprint=AD:3C:56:FB:E8:C0:62:B0:FF:89:21:52:98:B1:A1:D4:94:A4:1C:84

Extract all information from an SSL certificate

$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:7f:77:0c:42:14:91:4d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
        ...
Share Button

Leave a comment

Your email address will not be published. Required fields are marked *