check SSL certificate from website

You can easily get the SSL certificate from a website from command line. To get the whole thing in text form:

# echo "quit" | openssl s_client -connect $1:443 2>/dev/null | openssl x509 -noout -text
# (long output)

Also, individual attributes can be checked. Get some useful info by using -issuer or -enddate flags

# echo "quit" | openssl s_client -connect godaddy.com:443 2>/dev/null | openssl x509 -noout -issuer | cut -d '/' -f 5 | cut -d "=" -f2
GoDaddy.com, Inc.
#
#
#echo "quit" | openssl s_client -connect godaddy.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d "=" -f2
Nov 12 19:07:30 2014 GMT
#
share:

generate SSL Certificate Signing Request

First generate a new 2048 bit key:

# openssl genrsa -out fordodone.com.key 2048

I choose not to encrypt the key, because when reloading 240 apache servers, I don’t want to have to enter the passphrase each time. Now we use our key to generate a Certificat Signing Request.

# openssl req -new -key fordodone.com.key -out fordodone.com.csr

To inspect the CSR:

openssl req -in fordodone.com.csr -noout -text

Now you can sign your own cert, or upload/paste the CSR to a 3rd party provider to issue an official SSL Certificate.

share: