> Dave,
> Is there a unix command to get the CERT of a domain name?
> I need to check to see if the cert is installed correctly on one of our domains.
echo | openssl s_client -showcert -connect grox.net:443
replace grox.net:443 with host:port that you want to check i.e.,
www.example.com:443
the initial 'echo |' is just to end the connection. s_client is a
client, so it's waiting for intput to talk to the server.
there are other switches available. list 'em with:
openssl s_client -h
or, you can dump the certs and use "openssl x509" to examine 'em:
echo | openssl s_client -showcert -connect grox.net:443 |
sed -n '/BEGIN CERT/,/END CERT/p' |
openssl x509 -noout -text
again, openssl x509 has a ton of switches so you can extract various
parts of the cert instead of dumping the whole thing. to list 'em, do
openssl x509 -h
hth,
...dave
![[grox logo]](/img/groxneon.png){kind=small}