Friday, June 12, 2009

Debugging Certs using OpenSSL

Sometimes, I could just kick myself. I know OpenSSL has a lot of great features, but I never spend any time learning the myriad of command line options.

Today, Matt showed me some really useful ones at work:


To print out a certificate in human-readable format:

openssl x509 -in certfile.crt -text


To print out the hash fingerprint of a cert:

openssl x509 -in certfile.crt -fingerprint


To show the certs being served up by an SSL/TLS endpoint:

openssl s_client -connect hostname:443 -showcerts
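
Added example (not from the original post): `openssl x509` parses only the first certificate in a file, so fingerprinting every cert in saved `-showcerts` output means splitting the bundle first. The helper names `bundle_fingerprints` and `make_sample_bundle`, the `.example` names and the throwaway self-signed certs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: fingerprint every certificate in saved
# `openssl s_client -connect hostname:443 -showcerts` output.
# `openssl x509 -in FILE` parses only the first PEM block it finds,
# so the bundle is split on the BEGIN/END markers first.

# bundle_fingerprints FILE (hypothetical helper name)
# Prints one "<SHA-256 fingerprint> <subject>" line per certificate.
bundle_fingerprints() {
    local bundle="$1" tmp pem fp subj
    tmp=$(mktemp -d) || return 1
    # One file per PEM block; s_client's surrounding text is skipped.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n); keep = 1 }
        keep { print > out }
        /-----END CERTIFICATE-----/ { keep = 0; close(out) }
    ' "$bundle"
    for pem in "$tmp"/cert*.pem; do
        [ -e "$pem" ] || break   # no certificates found
        fp=$(openssl x509 -in "$pem" -noout -fingerprint -sha256 | cut -d= -f2)
        subj=$(openssl x509 -in "$pem" -noout -subject)
        printf '%s %s\n' "$fp" "$subj"
    done
    rm -rf "$tmp"
}

# make_sample_bundle DIR (hypothetical helper name)
# Constructed sample input: two throwaway self-signed certs, written to
# DIR/bundle.txt with s_client-style text lines around them.
make_sample_bundle() {
    local dir="$1" cn
    : > "$dir/bundle.txt"
    for cn in leaf.example ca.example; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
            -keyout "$dir/$cn.key" -out "$dir/$cn.crt" 2>/dev/null
        printf ' 0 s:CN = %s\n' "$cn" >> "$dir/bundle.txt"
        cat "$dir/$cn.crt" >> "$dir/bundle.txt"
    done
}

# Run against a file given on the command line, e.g. saved -showcerts output.
if [ -n "${1:-}" ]; then
    bundle_fingerprints "$1"
fi
```

Comparing the first line of output against a fingerprint obtained out of band is a quick way to confirm the endpoint is serving the cert you expect.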


I'm making a resolution that I'm going to spend a few hours going over the OpenSSL docs to learn more!