Related to certificate expiration, take a look at this script: debug Print additional info that might be helpful when debugging this These will be typically beĪdditional hostnames that the certificate is valid for. all-info Print all output, including boring things like Modulus and It can parse out some of the openssl output or just dump all S_client to get certificate information from remote hosts, or x509 for localĬertificate files. This shell script is a simple wrapper around the openssl binary. It provides options for parsing out most of the certificate information I'm typically interested in, or display raw openssl output.Ĭan either query a local certificate file, or a remote server. It's just a wrapper around the openssl command that saves me from remembering the syntax. also checking clientcerts, imaps on odd ports, etc) - but I don't always need that.Īlternatively, if you have time to dig in & setup or appreciate more features, there's the bigger tool named sslyze (not using it since dependencies and install.) What I like that instead of being a ssl-centric cli tool like openssl's s_client, this one tries to just do the one job we need most of the time. That output is followed by the whole certificate chain at the same level of detail. : C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA : OU=Domain Control Validated, OU=Gandi Standard SSL, CN= *** C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=, CN=UTN-USERFirst-Hardware ** C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA * OU=Domain Control Validated, OU=Gandi Standard SSL, CN= This is what the first few lines of the output look like: $. It's great to double-check you have all info correct for re-issuing certs or validating existing ones, and also as few dependencies AND it requires no setup.
To check for SSL certificate details, I use the following command line tool ever since it's become available: Retrieve-ServerCertFromSocket 443 | fl subject,*not*,Thumb*,ser* Retrieve-ServerCertFromSocket 443 | Export-Certificate -FilePath C:\temp\test.cer start c:\temp\test.cer This allows you to do some neat things like #Save to file and open Throw "Failed to retrieve remote certificate from $hostname`:$port because $_" $sslstream.AuthenticateAsClient($SNIHeader) $sslstream = new-object -ArgumentList $tcpclient.GetStream(),$false
That's my everyday script: curl -insecure -vvI 2>&1 | awk 'BEGIN
0 kommentar(er)
