Sunday, July 28, 2013

Downloading a site's certificate with openssl

I keep running into an issue where I need to get a server certificate sometimes, and it's not always accessible via the browser.

When I need it from the server, this handy comment on this site worked like a charm: http://serverfault.com/questions/139728/how-to-download-ssl-certificate-from-a-website


echo -n | openssl s_client -connect HOST:PORTNUMBER | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$SERVERNAME.cert
That will save the certificate to /tmp/$SERVERNAME.cert.
You can use -showcerts if you want to download all the certificates in the chain. But if you just want to download the server certificate, there is no need to specify -showcerts
echo -n gives a response to the server, so that the connection is released
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' removes information about the certificate chain. This is the preferred format to import the certificate into other keystores.


Thanks to the person who gave that comment, it has helped me immensely.
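An added example (not from the original post or the quoted answer) that applies the same sed filter to -showcerts output and then splits the chain into one PEM file per certificate, so each can be inspected before it goes into a keystore. The function names, file naming and sample output are assumptions made for illustration; the base64 bodies in the sample are constructed placeholders, not real certificates.

```shell
# Constructed sample of `openssl s_client -showcerts` output (placeholder bodies).
sample_output() { cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=www.example.test
   i:/CN=Example Test CA
-----BEGIN CERTIFICATE-----
TUlJQ29uc3RydWN0ZWRMZWFm
-----END CERTIFICATE-----
 1 s:/CN=Example Test CA
   i:/CN=Example Test Root
-----BEGIN CERTIFICATE-----
TUlJQ29uc3RydWN0ZWRDQQ==
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=www.example.test
EOF
}

# The same filter as in the command above: keep only the PEM blocks.
pem_only() { sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'; }

# Split a PEM stream on stdin into DIR/PREFIX.0.pem (leaf), DIR/PREFIX.1.pem, ...
# Prints the number of certificates written.
split_chain() {  # $1 = output directory, $2 = file name prefix
  awk -v dir="$1" -v pre="$2" '
    /-BEGIN CERTIFICATE-/ { f = sprintf("%s/%s.%d.pem", dir, pre, n++) }
    f != ""               { print > f }
    /-END CERTIFICATE-/   { close(f); f = "" }
    END                   { print n + 0 }'
}

# Live use: fetch the whole chain. -servername sends SNI so a server hosting
# several names returns the certificate for this host; stdin from /dev/null
# plays the role of `echo -n |` and lets s_client exit after the handshake.
fetch_chain() {  # $1 = host, $2 = port, $3 = output directory
  openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
    </dev/null 2>/dev/null | pem_only | split_chain "$3" "$1"
}

# Show who a saved certificate belongs to and its SHA-256 fingerprint.
describe_cert() {  # $1 = path to a PEM file
  openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}
```

s_client saves whatever the server presents without authenticating it, so compare the fingerprint from describe_cert with one obtained through a separate channel before importing the file as trusted.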

1 comment:

Okuse Marvedobankz said...

Thanks for sharing this post with every one of us today, there are people out there looking for stuff like the one you have here. I am really happy to come across your site, thanks once more. I will be happy to have visitors visit my website @tecteem, I have amazing sentences that you will find lovely to read.