Due to the HeartBleed SNAFU, I needed a quick solution for getting the information from a certificate deployed on a remote machine. As I rarely leave the comfort of my terminal, as always, I simply dumped a new function into the shell’s ~/.*rc file.
Here it is:
Defaults to port 443 if the second argument is unspecified. Example:
get_cert google.com
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:fa:65:0e:26:a1:67:3d
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: May 7 12:15:37 2014 GMT
Not After : Aug 5 00:00:00 2014 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c2:9a:87:d1:79:0a:10:28:64:f3:d7:12:48:93:
13:24:c9:05:9e:1b:94:0d:b1:d6:02:54:27:e2:a4:
87:45:ab:f8:17:19:db:0d:b0:a9:80:34:a1:2a:5e:
98:a7:85:a6:66:2b:69:5c:85:16:fd:43:9f:6f:40:
f2:36:d8:47:4f:16:cd:ef:f4:67:75:c2:07:89:fa:
37:c8:c3:08:37:0b:ec:e3:61:48:86:86:bd:7b:5d:
cc:10:96:9d:be:07:e1:c3:e2:c1:23:04:fa:a6:93:
99:b5:42:7c:55:ab:91:6b:8a:d4:bf:8d:23:df:9d:
4d:96:a7:31:e0:f7:04:39:db:66:d3:d5:64:36:1f:
ef:71:af:df:0b:86:d9:6a:fc:12:c4:8c:94:fe:91:
6f:d4:6c:c0:f8:ec:68:b0:7e:fd:71:42:43:42:34:
ad:a2:fb:3e:12:98:68:d1:b4:23:e6:7d:8a:75:9c:
c1:82:bb:95:55:28:15:50:9e:d0:49:21:b7:6f:ce:
44:c1:3d:9a:e3:05:28:96:0c:53:44:68:6b:63:b4:
f1:4a:79:3d:09:7d:f0:96:e6:78:95:36:aa:89:40:
d8:9c:60:f9:b1:1c:23:d5:6c:b7:2d:f4:e4:00:ff:
7b:9b:f2:02:43:c1:d2:e1:95:2c:a1:41:d4:88:72:
0b:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, DNS:*.google-analytics.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com, DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.ytimg.com, DNS:android.com, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:urchin.com, DNS:youtu.be, DNS:youtube.com, DNS:youtubeeducation.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
2B:56:D4:98:8E:81:28:99:CD:17:89:09:21:EB:3B:8B:EF:7E:19:A0
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
X509v3 CRL Distribution Points:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha1WithRSAEncryption
27:35:81:4e:df:79:e9:c7:9c:c1:5b:9c:35:4e:67:00:de:38:
cb:a0:2f:58:91:61:11:a3:cf:ae:49:63:84:76:74:20:43:35:
7c:e7:82:3e:7f:43:c8:94:71:9d:33:72:cc:3c:3e:0f:97:00:
ef:08:65:7c:cc:e3:32:ca:16:b4:fb:73:7c:43:b2:eb:47:2d:
3b:b9:b2:c8:4b:1a:ca:77:d0:65:55:fc:1c:76:7e:6d:86:d9:
2f:e5:7b:63:5c:5f:77:9e:75:39:4f:36:0a:c2:8a:35:dc:f7:
02:cb:03:c6:17:bb:2f:03:a1:de:12:c9:ab:03:ce:6d:17:0e:
cb:78:24:e4:36:13:0e:e7:12:e5:e2:84:42:cc:d3:aa:32:b7:
78:07:ae:24:23:69:be:90:9c:d3:38:51:05:5a:69:05:be:e3:
8d:7b:ae:2b:37:c1:35:3a:b5:51:1f:46:fe:10:a7:ce:af:d2:
b6:a5:8f:13:a5:57:03:63:25:0e:bc:6e:c7:e5:7b:22:4e:ff:
67:9d:15:30:93:21:c1:08:03:6f:ab:5a:33:d8:41:c2:2a:8e:
5a:a9:67:26:6e:6a:c1:46:8e:50:e7:4e:c7:51:66:eb:0b:ef:
9d:c9:6a:d2:7f:a9:25:89:c2:28:aa:e5:fd:e4:74:9b:95:32:
5d:15:ed:d0