Linux or macOS
We can use the openssl command-line tool to check information about an SSL certificate in a bash terminal. Here's how we can do it:
View Certificate Information:
To view the details of an SSL certificate in a file, we can use the following command:
- openssl x509 -in <certificate-file-name> -text -noout
Check Certificate Expiry:
To quickly check the expiry date of a certificate, we can use:
- openssl x509 -in <certificate-file-name> -enddate -noout
Verify SSL Connection:
If we want to verify the SSL connection of a website, we can use the following command:
- openssl s_client -connect <domain-name>:443
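This command will initiate an SSL connection to the given domain on port 443 (the default HTTPS port) and display detailed information about the certificate, the certificate chain, and the SSL handshake. By default s_client completes the handshake even when chain verification fails, so check the "Verify return code" line near the end of the output to see whether the certificate actually validated.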
Check Certificate Format:
To check the format of a certificate file, we can use the following command:
- openssl x509 -in <certificate-file-name> -text -noout
If the certificate is in PEM format, this command will display the certificate details. If the certificate is not in PEM format, we might get an error indicating that the input file could not be loaded. For a DER-encoded (binary) certificate, add -inform DER to the command.
Check Private Key Format:
To check the format of a private key file, we can use the following command:
- openssl rsa -in <private-key-file-name> -check
If the private key is an RSA key in PEM format, this command will report whether the key is consistent and print the key itself; add -noout to keep the key material off the terminal. If the private key is not in PEM format, we might get an error indicating that the input file could not be loaded.
Check CSR (Certificate Signing Request) Format:
To check the format of a CSR file, we can use the following command:
- openssl req -in <csr-file-name> -text -noout
If the CSR is in PEM format, this command will display the CSR details. If the CSR is not in PEM format, we might get an error indicating that the input file could not be loaded.
Remember that these commands are intended to provide information about the format of the files and their content. If we encounter errors or unexpected outputs, it's possible that the files are corrupted or not in the expected format.
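The format and expiry checks above can be wrapped into reusable shell functions, extended here with a key/certificate match check that the commands above do not cover. This is an added example, not part of the original article; the function names and the self-signed sample generated by make_sample are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page; function names are hypothetical.

# Print PEM or DER for a certificate file; return non-zero if it is neither.
# The PEM armor line decides the encoding, then openssl confirms it parses.
cert_format() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
    openssl x509 -in "$1" -inform PEM -noout 2>/dev/null && echo PEM
  else
    openssl x509 -in "$1" -inform DER -noout 2>/dev/null && echo DER
  fi
}

# Exit 0 if the certificate expires within <days> days (or already has),
# 1 if it stays valid past that window, 2 if the file cannot be parsed.
cert_expires_within() {
  local cert=$1 days=$2 fmt
  fmt=$(cert_format "$cert") || return 2
  # -checkend N exits 0 only if the cert is still valid N seconds from now.
  ! openssl x509 -in "$cert" -inform "$fmt" -noout \
      -checkend "$((days * 86400))" >/dev/null
}

# Exit 0 if the private key and the certificate carry the same public key.
# Assumes an unencrypted PEM key; works for RSA and EC keys alike.
key_matches_cert() {
  local key=$1 cert=$2 fmt from_cert from_key
  fmt=$(cert_format "$cert") || return 2
  from_cert=$(openssl x509 -in "$cert" -inform "$fmt" -noout -pubkey 2>/dev/null) || return 2
  from_key=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Constructed sample: throwaway key, 30-day self-signed cert, DER copy.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  openssl x509 -in "$1/cert.pem" -outform DER -out "$1/cert.der"
}
```

After sourcing the file, a call such as cert_expires_within <certificate-file-name> 30 can gate a deployment or feed a monitoring job through its exit status.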
Check .pfx File Contents:
To check the format of a .pfx file, we can use the following command:
- openssl pkcs12 -info -in <pfx-file-name>
This command will provide detailed information about the contents of the .pfx file, including the certificate(s) and any additional information.
Check the Certificate Chain in the .pfx File:
We can use the following command to view the certificate chain in our .pfx file:
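- openssl pkcs12 -in <pfx-file-name> -nokeys -out certificate-chain.pem
This command will extract the certificates from the .pfx file (the leaf certificate plus any CA certificates bundled with it) and save them in a PEM-encoded file (certificate-chain.pem). The -clcerts option is left out here because it limits the output to the client (leaf) certificate only.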
Check the Private Key in the .pfx File:
To verify the private key within the .pfx file, we can use the following command:
- openssl pkcs12 -in <pfx-file-name> -nocerts -nodes | openssl rsa -check
This command extracts the private key from the .pfx file and checks its validity.
Check .pfx Expiry Date:
To check the expiry date of the certificate within the .pfx file, we can use the following command:
- openssl pkcs12 -in <pfx-file-name> -clcerts -nokeys | openssl x509 -noout -enddate
This command will display the expiry date of the certificate.
Check .pfx Password:
If the .pfx file is password-protected, openssl will prompt for the import password before it can read the contents, so we need to have the correct password available.
SSL Certificate Checker Tools:
There are online SSL certificate checker tools that can help you retrieve the CA certificate chain associated with your SSL certificate. Tools like "SSL Checker" or "SSL Shopper" can display the full certificate chain, including the root and intermediate certificates.