You can verify an SSL certificate from a shell prompt using the openssl command-line tool. Here’s how to do it:
- Open a terminal or shell prompt on your Linux or Unix system.
- Run the following command to check the SSL certificate of a website:
openssl s_client -connect example.com:443
Replace
example.comwith the domain name or IP address of the website you want to check. The:443at the end specifies that the connection should use port 443, which is the default port for HTTPS connections. - The output of the command will include the SSL certificate for the website. Look for the
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----lines to find the certificate. You can also use thegrepcommand to filter the output to show only the certificate:openssl s_client -connect example.com:443 | openssl x509 -noout -text
This command uses
grepto filter the output of theopensslcommand and theopenssl x509command to show the certificate in a human-readable format. - To verify that the certificate is valid, check that the output includes the following information:
IssuerandSubject: These fields should contain the name of the organization that issued the certificate and the name of the website, respectively.Validity: This field should show the start and end dates of the certificate’s validity.Signature Algorithm: This field should show the type of signature used to sign the certificate.
If any of these fields are missing or incorrect, the certificate may be invalid or fraudulent.
That’s it! You have verified the SSL certificate for a website from a shell prompt using the openssl command-line tool.