openssl wrapper script

openssl is a powerful utility, but how often do you need to look up the options when you want to use it?

The 80/20 rule.. This script will do what you want most of the time (for me anyway), without hitting the manpage.

It spits out most of the relevant information you want, whether you want to check a URL, a host and port, or a certificate file. It automatically detects what you are checking for. Nothing else to remember.

Simple, but useful.

#!/bin/bash
#
# @(#) sslinfo - Quick and dirty script to grab some useful info
# @(#) $Id: sslinfo,v 1.5 2015/11/20 05:38:37 bduncan Exp bduncan $
#
# Blame:  [email protected], Fri Nov 20 00:01:45 EST 2015
#
# Description:  url, address or file in $1 ; optional port in $2
#
###################################################################
export port=443

[ -z "$1" ] && { echo "usage:  `basename $0` file|URL|address [port]"; exit 1; }

case "$1" in
  https*) set -- `echo $1 | sed 's|https://\([^:/]*\):*\([0-9]*\).*$|\1 \2|'` ;;
esac

[ -n "$2" ] && port=$2

(
  if [ -r "$1" ] ; then
    cat "$1"
  else
    openssl s_client -connect $1:$port < /dev/null 2>/dev/null
  fi
) |


openssl x509 -noout -subject -issuer -dates -fingerprint -serial |
sed 's/=/~/' | awk -F~ '{printf "%-20s %s\n", $1, $2}'

 


Example use. Create a pem file and test it, test the URL or hostname directly. Specify an optional port. The script detects which you are testing.

$ sslinfo
usage:  sslinfo file|URL|address [port]

$ openssl s_client -connect google.com:443 </dev/null 2>/dev/null |
 sed -n '/BEGIN/,/END/p'  > google.pem

$ sslinfo google.pem
subject              CN = *.google.com
issuer               C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
notBefore            Mar 28 16:47:33 2023 GMT
notAfter             Jun 20 16:47:32 2023 GMT
SHA1 Fingerprint     ED:88:16:3C:FE:E3:0A:31:34:FF:BE:21:B4:92:AA:6F:B9:EA:AA:B5
serial               060828C719856D810A61E1D6DD92DF83

$ sslinfo google.com
subject              CN = *.google.com
issuer               C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
notBefore            Mar 28 16:47:33 2023 GMT
notAfter             Jun 20 16:47:32 2023 GMT
SHA1 Fingerprint     ED:88:16:3C:FE:E3:0A:31:34:FF:BE:21:B4:92:AA:6F:B9:EA:AA:B5
serial               060828C719856D810A61E1D6DD92DF83

$ sslinfo https://www.google.com/
subject              CN = www.google.com
issuer               C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
notBefore            Mar 28 16:54:58 2023 GMT
notAfter             Jun 20 16:54:57 2023 GMT
SHA1 Fingerprint     3E:43:00:13:2A:5D:12:97:9E:3A:1C:62:F3:7E:D1:C4:FB:DB:B7:73
serial               751A47665BB124F20A5F38180A2BEC77