Get Server Certificate Openssl

Cert = ssl.getservercertificate((a, port)) except Exception, e: # If it can't connect go to the next iteration so we don't waste time continue try: # use openssl to pull cert information c = OpenSSL.crypto.loadcertificate(OpenSSL.crypto.FILETYPEPEM, cert) subj = c.getsubject comp = subj.getcomponents for data in comp: if 'CN' in data. Def validatechainopenssl(self): 'Validate server certificate chain using openssl system callout' # fetch end-entity certificate and write to tempfile endentitypem = ssl.getservercertificate((self.host, self.port)) try: endentitypemtempfilefd, endentitypemtempfilepath = mkstemp # NOTE: We close the fd here because we open it again below. I am trying to get the SSL/TLS certificate for one of our load balancers (Netscaler) using: openssl sclient -showcerts -connect lb.example.com:443 If its a modern configuration (some hand waiving on what that means), use: openssl sclient -connect lb.example.com:443 -tls1 -servername lb.example.com openssl x509 -text -noout. The server certificate is saved as certificate.pem. Step 2: Get the intermediate certificate. Normally, a CA does not sign a certificate directly. They use intermediaries and we need to this make the openssl command work. So, make a request to get all the intermediaries. To view the list of intermediate certs, use the following command.

  1. Openssl Get Server Certificate Chain
  2. Openssl Get Server Certificate Chain
  3. Openssl Get Certs

Someday you may need to get the SSL certificate of a website and save it locally.

Get Server Certificate Openssl

For example, you could get an error saying that you can’t clone a Git repository due to a self-signed certificate and to resolve this issue you would need to download the SSL certificate and make it trusted by your Git client.

In the following article i am showing how to export the SSL certificate from a server (site URL) using Google Chrome, Mozilla Firefox and Internet Explorer browsers as well as how to get SSL certificate from the command line, using openssl command.

Cool Tip: Create a self-signed SSL Certificate! Read more →

Export SSL Certificate

Google Chrome

Export the SSL certificate of a website using Google Chrome:

  1. Click the Secure button (a padlock) in an address bar
  2. Click the Show certificate button
  3. Go to the Details tab
  4. Click the Export button
  5. Specify the name of the file you want to save the SSL certificate to, keep the “Base64-encoded ASCII, single certificate” format and click the Save button
Get Server Certificate Openssl

Mozilla Firefox

Openssl Get Server Certificate Chain

Get Server Certificate Openssl

Export the SSL certificate of a website using Mozilla Firefox:

Openssl Get Server Certificate Chain

  1. Click the Site Identity button (a padlock) in an address bar
  2. Click the Show connection details arrow
  3. Click the More Information button
  4. Click the View Certificate button
  5. Go to the Details tab
  6. Click the Export button
  7. Specify the name of the file you want to save the SSL certificate to, keep the “X.509 Certificate (PEM)” format and click the Save button

Cool Tip: Check the expiration date of the SSL Certificate from the Linux command line! The fastest way! Read more →

Internet Explorer

Download and save the SSL certificate of a website using Internet Explorer:

  1. Click the Security report button (a padlock) in an address bar
  2. Click the View Certificate button
  3. Go to the Details tab
  4. Click the Copy to File... button
  5. Click the Next button
  6. Select the “Base-64 encoded X.509 (.CER)” format and click the Next button
  7. Specify the name of the file you want to save the SSL certificate to
  8. Click the Next and the Finish buttons
Openssl download cert chain

OpenSSL

Openssl Get Certs

Get the SSL certificate of a website using openssl command:

Short explanation:

OptionDescription
-connect HOST:PORTThe host and port to connect to
-servername NAMEThe TLS SNI (Server Name Indication) extension (website)
certificate.crtSave SSL certificate to this file

Example: