openssl is a powerful utility, but how often do you need to look up the options when you want to use it?
The 80/20 rule.. This script will do what you want most of the time (for me anyway), without hitting the manpage.
It spits out most of the relevant information you want, whether you want to check a URL, a host and port, or a certificate file. It automatically detects what you are checking for. Nothing else to remember.
Simple, but useful.
#!/bin/bash # # @(#) sslinfo - Quick and dirty script to grab some useful info # @(#) $Id: sslinfo,v 1.5 2015/11/20 05:38:37 bduncan Exp bduncan $ # # Blame: [email protected], Fri Nov 20 00:01:45 EST 2015 # # Description: url, address or file in $1 ; optional port in $2 # ################################################################### export port=443 [ -z "$1" ] && { echo "usage: `basename $0` file|URL|address [port]"; exit 1; } case "$1" in https*) set -- `echo $1 | sed 's|https://\([^:/]*\):*\([0-9]*\).*$|\1 \2|'` ;; esac [ -n "$2" ] && port=$2 ( if [ -r "$1" ] ; then cat "$1" else openssl s_client -connect $1:$port < /dev/null 2>/dev/null fi ) | openssl x509 -noout -subject -issuer -dates -fingerprint -serial | sed 's/=/~/' | awk -F~ '{printf "%-20s %s\n", $1, $2}'
Example use. Create a pem file and test it, test the URL or hostname directly. Specify an optional port. The script detects which you are testing.
$ sslinfo usage: sslinfo file|URL|address [port] $ openssl s_client -connect google.com:443 </dev/null 2>/dev/null | sed -n '/BEGIN/,/END/p' > google.pem $ sslinfo google.pem subject CN = *.google.com issuer C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 notBefore Mar 28 16:47:33 2023 GMT notAfter Jun 20 16:47:32 2023 GMT SHA1 Fingerprint ED:88:16:3C:FE:E3:0A:31:34:FF:BE:21:B4:92:AA:6F:B9:EA:AA:B5 serial 060828C719856D810A61E1D6DD92DF83 $ sslinfo google.com subject CN = *.google.com issuer C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 notBefore Mar 28 16:47:33 2023 GMT notAfter Jun 20 16:47:32 2023 GMT SHA1 Fingerprint ED:88:16:3C:FE:E3:0A:31:34:FF:BE:21:B4:92:AA:6F:B9:EA:AA:B5 serial 060828C719856D810A61E1D6DD92DF83 $ sslinfo https://www.google.com/ subject CN = www.google.com issuer C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 notBefore Mar 28 16:54:58 2023 GMT notAfter Jun 20 16:54:57 2023 GMT SHA1 Fingerprint 3E:43:00:13:2A:5D:12:97:9E:3A:1C:62:F3:7E:D1:C4:FB:DB:B7:73 serial 751A47665BB124F20A5F38180A2BEC77