20090323 grabbing a server ssl certificate - plembo/onemoretech GitHub Wiki

title: Grabbing a server SSL certificate
link: https://onemoretech.wordpress.com/2009/03/23/grabbing-a-server-ssl-certificate/
author: lembobro
description:
post_id: 354
created: 2009/03/23 04:25:32
created_gmt: 2009/03/23 04:25:32
comment_status: open
post_name: grabbing-a-server-ssl-certificate
status: publish
post_type: post

Grabbing a server SSL certificate

We’re in the midst of learning the ins-and-outs of using SSL with Java applications right now, and so this bit of ancient open source wisdom came in handy. If you need to retrieve an SSL certificate from a server and have a Linux or modern Unix machine available with openssl on it, you can use the procedure below. In this example we’ll retrieve the SSL cert for a web server.

openssl s_client -connect www.example.com:https

You would substitute the actual port number for “https” if it was anything other than the standard TCP port 443 for HTTPS. Getting the cert for an LDAP server would use the same basic syntax.

openssl s_client -connect www.example.com:ldaps

Again, if the server SSL port is anything other than the standard 636 for LDAPS, you would put in the actual port number instead of “ldaps”.

The certificate is everything between the “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” lines. To make a certificate file simply copy those lines (including the BEGIN and END) into a file and save as something like “server.pem”.

To get the certificate of the CA (Certificate Authority) who signed the server certificate, use this command:

openssl s_client -showcerts -connect www.example.com:https
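The copy-and-paste step can also be scripted. The following is an added example, not part of the original post: it splits the `-showcerts` output into one PEM file per certificate. The function names, the `server` file prefix and the sample output are assumptions made for illustration.

```shell
# Added example (not from the original post): save each certificate that
# `openssl s_client -showcerts` prints into its own PEM file.

# split_certs PREFIX: reads s_client output on stdin, writes PREFIX-0.pem (the
# server's own certificate) and PREFIX-1.pem, PREFIX-2.pem, ... (the CA
# certificates the server sent), then prints how many files were written.
split_certs() {
    awk -v prefix="$1" '
        BEGIN { n = 0 }
        /^-----BEGIN CERTIFICATE-----/ { out = prefix "-" n ".pem"; inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----/ && inside { close(out); inside = 0; n++ }
        END { print n }
    '
}

# fetch_chain HOST PORT PREFIX (needs network access and the openssl CLI).
# </dev/null ends the session after the handshake instead of waiting for
# input; -servername sends SNI so a shared host returns the right certificate.
fetch_chain() {
    openssl s_client -showcerts -servername "$1" -connect "$1:$2" \
        </dev/null 2>/dev/null | split_certs "$3"
}

# show_cert FILE: print subject, issuer and SHA-256 fingerprint.
show_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

# sample_output: CONSTRUCTED s_client -showcerts output for offline use.
# The base64 bodies are placeholders, not real certificates.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = www.example.com
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItQ0E=
-----END CERTIFICATE-----
---
EOF
}
```

With network access, `fetch_chain www.example.com 443 server` followed by `show_cert server-0.pem` gives the fingerprint to compare against one obtained from the server's administrator, since nothing in the retrieval itself authenticates the server.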

Copyright 2004-2019 Phil Lembo