Command to display remote certificate information

You can use openssl to get the information. It is usually installed by default in every distribution.

$ openssl s_client -connect codidact.com:443 -showcerts </dev/null | openssl x509 -text
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R4
verify return:1
depth=1 C = US, O = Google Trust Services, CN = WE1
verify return:1
depth=0 CN = codidact.com
verify return:1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:47:84:d5:72:2f:87:93:0d:cb:0c:8d:e1:cb:8b:51
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = US, O = Google Trust Services, CN = WE1
        Validity
            Not Before: Jul 19 22:57:44 2024 GMT
            Not After : Oct 17 22:57:43 2024 GMT
        Subject: CN = codidact.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:cf:48:b5:11:18:91:1d:51:08:0e:57:fe:79:87:
                    df:b9:e5:c5:3a:12:82:01:48:ed:2f:da:e7:77:b5:
                    5b:03:20:57:76:1b:4d:8f:81:d9:86:79:3f:63:12:
                    d1:cd:60:51:04:c6:1c:a5:f5:05:ce:1a:16:5b:28:
                    00:8a:3f:fb:06
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                90:8E:C8:D1:B7:1A:71:04:21:31:1D:0A:58:18:3A:F7:88:BA:B4:90
            X509v3 Authority Key Identifier:
                90:77:92:35:67:C4:FF:A8:CC:A9:E6:7B:D9:80:79:7B:CC:93:F9:38
            Authority Information Access:
                OCSP - URI:http://o.pki.goog/s/we1/FUc
                CA Issuers - URI:http://i.pki.goog/we1.crt
            X509v3 Subject Alternative Name:
                DNS:codidact.com, DNS:*.codidact.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://c.pki.goog/we1/c9egY9ikPsU.crl
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
                                91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
                    Timestamp : Jul 19 23:57:44.693 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:02:BE:E2:BA:07:C0:92:31:31:2B:66:5C:
                                47:25:0D:95:F3:93:D8:F5:D4:62:3E:C2:A8:16:B7:1B:
                                AE:3E:22:E6:02:21:00:96:DD:18:EC:9B:BB:F9:EC:85:
                                9D:35:63:E7:72:05:2E:B4:7A:A3:2F:6D:95:8F:25:65:
                                2C:5D:43:49:82:C5:85
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Jul 19 23:57:44.632 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:8D:BB:62:01:CB:49:3E:EC:01:AE:3A:
                                5E:F5:31:1A:DD:47:3B:4D:E7:CB:2E:42:8E:71:D2:50:
                                01:1C:48:9B:A0:02:21:00:CE:CE:80:9F:D3:72:5C:C5:
                                77:92:D8:9D:13:2B:28:46:5F:E8:F6:80:D2:33:01:15:
                                86:33:70:23:BF:7E:25:F0
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:45:02:20:06:88:49:33:37:a4:ce:46:1d:4b:d5:fd:7a:8a:
        53:50:4a:41:a6:63:0c:3a:21:9c:ef:ee:a1:4f:a0:f5:0a:2b:
        02:21:00:c4:8a:e3:c0:cf:af:8a:7a:a0:99:9d:12:32:f9:7e:
        09:d2:7d:2a:23:dd:78:94:22:e4:10:3c:ad:c8:02:56:68

posted 3 months ago

CC BY-NC-SA 4.0

3mo ago

GeraldS‭

351 reputation 3 23 40 22

nmap can do this:

$ nmap -p 443 --script ssl-cert codidact.com 
Starting Nmap 7.95 ( https://nmap.org ) at 2024-08-12 10:06 EEST
Nmap scan report for codidact.com (104.26.0.18)
Host is up (0.0037s latency).
Other addresses for codidact.com (not scanned): 172.67.69.183 104.26.1.18 2606:4700:20::ac43:45b7 2606:4700:20::681a:112 2606:4700:20::681a:12

PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=codidact.com
| Subject Alternative Name: DNS:codidact.com, DNS:*.codidact.com
| Issuer: commonName=WE1/organizationName=Google Trust Services/countryName=US
| Public Key type: ec
| Public Key bits: 256
| Signature Algorithm: ecdsa-with-SHA256
| Not valid before: 2024-07-19T22:57:44
| Not valid after:  2024-10-17T22:57:43
| MD5:   21a2:8844:43a9:2f68:6bbc:a49e:f3c0:d9a6
|_SHA-1: b42f:d65f:cd2d:5281:9d40:52bf:6578:6c74:95df:7c1a

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

It uses the ssl-cert nmap script to gather and print out the information. -p 443 just selects the port to scan, and 443 happens to be the usual HTTPS port.

posted 3 months ago

CC BY-SA 4.0

Iizuki‭

610 reputation 27 32 80 17