Thursday, May 20, 2010

SSL Certificates from the Command-Line

If you've ever wondered how to easily inspect a certificate from the command line, look no further than openssl.

openssl s_client -connect hostname:port

If you ever need to look up several hosts at once and want to report the ones which will expire before a given date, try this script:

thresholdDate="June 30, 2010"
(for hostAndPort in $(< $hostFile )
               $(date -d "\
                              $(echo blah |\
                                 openssl s_client -connect $hostAndPort 2> /dev/null |\
                                 sed "1,/Server certificate/ {d}; /subject/,$ {d;};"|\
                                 openssl x509 -text 2> /dev/null|\
                                 grep "Not After"|\
                                 sed "s/.* : //"\
  if (( $( date -d "$dateStr" +%s ) <= $( date -d "$thresholdDate" +%s ) ))
    echo ${hostAndPort%:*}\|$dateStr
done)| column -s "|" -t

Right now, there's not much error checking in this script. And, I'm not doing any TLS stuff. The hostFile just contains host:port pairs, one host per line.


  1. I read the above article and I got some knowledge from your article.standardised work certificate automation solution It's actually great and useful data for us. Thanks for share it.

  2. Harrah's Philadelphia Casino and Racetrack - Mapyro
    View Harrah's 김천 출장안마 Philadelphia Casino and Racetrack map, 서귀포 출장안마 including elevation, elevation, 777 Harrahs Blvd, 태백 출장안마 Chester, PA 19013, 남양주 출장안마 United States. Rating: 3.6 · ‎6,254 reviews 강원도 출장마사지