If ever you need to write a script that needs you to scan the details of an SSL Certificate of a particular website, you can use this nifty one-liner to get the information that you need.
Security Certificates identify your site as a legit site and offers more secure connection by encrypting the data as it passes along the Internet highway. If the data is encrypted, chances are, the data being transmitted is less likely to be sniffed by malicious hackers.
If you manage hundreds of websites, each with its own SSL certificate that expires on different dates, you will need to create a script that will scan the certificates and capture the expiration dates and there is a nifty Linux command that can do this.
First step: Getting the CRT file.
To get the CRT file, use this command: (In this example, we will check the SSL of https://payperpost.com)
openssl s_client -connect payperpost.com:443
You will see a bunch of information, the same ones that can be found when you click the padlock icon on the browser, but what you are looking for is this:
—
Server certificate
—–BEGIN CERTIFICATE—–
MIIDSTCCArKgAwIBAgIDCEfCMA0GCSqGSIb3DQEBBAUAMFoxCzAJBgNVBAYTAlVT
MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4
IFNlY3VyZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwHhcNMDgwNDIyMTgzMzI0WhcN
MDkwNzIzMTgzMzI0WjCBuDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDnBheXBlcnBv
c3QuY29tMRMwEQYDVQQLEwpHVDYxNDEwMDQwMTEwLwYDVQQLEyhTZWUgd3d3Lmdl
b3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzIChjKTA4MS8wLQYDVQQLEyZEb21haW4g
Q29udHJvbCBWYWxpZGF0ZWQgLSBRdWlja1NTTChSKTEXMBUGA1UEAxMOcGF5cGVy
cG9zdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANYvXbe3oQy26gnL
H3wmPfmfzR5c0L5dCcBLkzqo8wJKVzlzlDgl6a9tFVJkotyoTJunI3qtwqmUeCQI
DyIqwnOdFDmTDm67PBn6315FN2xBvkf4ukmqBoJTjvuPuAY2Ye6xmhyMoJrN7uF5
ac2MR84y4VbuFGY5EIqd/bFCEOa1AgMBAAGjgb0wgbowDgYDVR0PAQH/BAQDAgTw
MB0GA1UdDgQWBBRN4gGXvUszrizghqxJpd+R6oKE6TA7BgNVHR8ENDAyMDCgLqAs
hipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL2dsb2JhbGNhMS5jcmwwHwYD
VR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAqlQ9
b+6g2ZDW8O4gkDq/lNJfzY8wQrYGzunAZYxYtny2ejovFnz6DkMThNW8DmPNNv4P
dBikoICCh/8HM9luHcRbPAN0pycEF7FS7/leJ0egBm6G28we4XeBQQ+2AhAitUyZ
34BeotMGpw9vlwrleDtmUT6itncoYHp/Nt7TDyQ=
—–END CERTIFICATE—–
This is the CRT file and from this file, you will get the expiration date of the certificate.
Second step: Save the CRT file and scan.
Save the server certificate into a file, for example ssl.txt starting from
—–BEGIN CERTIFICATE—–
to
—–END CERTIFICATE—–
and you can use this command to extract the expiration date information from the file:
openssl x509 -in ssl.txt -enddate -noout
The result is:
notAfter=Jul 23 18:33:24 2009 GMT
Now you can use this information in your script so you can automate scanning of all your sites’ certficates.
—
220-601 as well as 70-620 are both prerequisites to the complicated SY0-101. This is one of the reasons why people try for 642-812 before sitting in the actual test, since the scores matter a lot.
Popularity: 15% [?]
[...] See the original post: Tip: Simple SSL Certificate Scanner [...]
Nice tip i’ll put this on my bookmarks…..
Raxsos last blog post..How to Perform System restore in Windows Vista