Verify Server Certificate with OpenSSL

Here’s a quick note for checking the contents of a TLS (SSL) server certificate with the OpenSSL command-line tools.

Comments: echo “Q” causes the openssl s_client to disconnect (quit) immediately after verifying connectivity. Replace your hostname and port for “your.fqdn.com:443”. The x509 command shows the contents of the certificate in text format.

This should return details for the server cert like: Issuer, Validity (Not Before, Not After), Subject (CN), Subject Alternative Name (SAN), etc. This is useful for verifying changes after installing a new cert or checking values for your existing certs (expiration, …).

Linux users will have openssl pre-installed. Windows users can find these tools in Git Bash, or with the latest Windows 10 in Windows Subsystem for Linux (WSL) distribution like Ubuntu.

Advertisements

About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in System Administration and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s