Command line tool for fetching and analyzing SSL certificate

ssl command-line-interface heartbleed

Following the heartbleed vulnerability in openSSL, all the SSH certificate on our servers were re-issued and re-installed.

Since it is likely that we've missed something on a server (for example, restarting Apache), we are checking the servers manually by clicking the key logo in Chrome:

enter image description here

This is slow and error prone. Is there a command line tool that can fetch the certificate ID/Serial number from a server?

Update

I ended up using a variation on MichelZ's answer:

echo "" | openssl s_client -showcerts -status -verify 0 \
        -connect www.mydomain.com:443 2>&1 | \
        egrep "Verify return|subject=/serial"
  • echo is necessary for openssl to exit (it waits for input otherwise).
  • -verify 0 verifies the certificate.
  • 2>&1 redirects standard error to standard output
  • egrep shows only the validation status and the serial number.

You can use OpenSSL to retrieve the certificate:

openssl s_client -showcerts -connect some_server:server_port

Related

Direct several subdomains to a single backend with haproxy
How to set DNS exclusively for a Network Namespace in Linux
Check if a path exceeds maximum for Unix domain socket
How to create a swap for Azure Ubuntu VM?
How long does dnsmasq cache dns?
AWS RDS MySQL vs Aurora
How to add non-latin entries in hosts file
How Uninstall pip and python [closed]
How do I setup multiple subdomains with their own certificate using nginx?
Force Ansible to log off to refresh user groups
At what point does a domain suit a network better than a workgroup?
E-mail notifications of SVN commits [closed]