OPEN SSL:
echo quit | openssl s_client -showcerts -servername server -connect server:443
server replaced by server name
openssl s_client -connect <endpoint hostname or IP address>:<port> -showcerts
https://daniel.haxx.se/blog/2018/11/07/get-the-ca-cert-for-curl/#:~:text=When%20you%20use%20curl%20to,the%20%E2%80%93cacert%20command%20line%20option.
use open ssl to get cert:
openssl s_client -showcerts -connect www.example.com:443 </dev/nullopenssl s_client -connect <domain>:443 -showcertshttps://stackoverflow.com/questions/7885785/using-openssl-to-get-the-certificate-from-a-serverWhen you use curl to communicate with a HTTPS site (or any other protocol that uses TLS), it will by default verify that the server is signed by a trusted Certificate Authority (CA). It does this by checking the CA bundle it was built to use, or instructed to use with the –cacert command line option.
Sometimes you end up in a situation where you don’t have the necessary CA cert in your bundle. It could then look something like this:
https://daniel.haxx.se/blog/2018/11/07/get-the-ca-cert-for-curl/#:~:text=When%20you%20use%20curl%20to,the%20%E2%80%93cacert%20command%20line%20option.
$ curl https://example.com/
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
No comments:
Post a Comment