Command line tool for fetching and analyzing SSL certificate
Following the Heartbleed vulnerability in OpenSSL, all the SSH certificates on our servers were re-issued and re-installed.
Since it is likely that we've missed something on a server (for example, restarting Apache), we are checking the servers manually by clicking the key logo in Chrome:
This is slow and error-prone. Is there a command line tool that can fetch the certificate ID/Serial number from a server?
Update
I ended up using a variation on MichelZ's answer:
echo "" | openssl s_client -showcerts -status -verify 0 \
-connect www.mydomain.com:443 2>&1 | \
egrep "Verify return|subject=/serial"
- echo is necessary for openssl to exit (it waits for input otherwise).
- -verify 0 verifies the certificate.
- 2>&1 redirects standard error to standard output.
- egrep shows only the validation status and the serial number.
You can use OpenSSL to retrieve the certificate:
openssl s_client -showcerts -connect some_server:server_port
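The manual check described in the question can be scripted over a whole server list. The following is an added example, not code from either post: the function names, the inventory format ("host[:port] expected_serial") and the file name audit.sh are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: confirm each host serves the re-issued certificate.
# Inventory lines (format assumed here): "host[:port] expected_serial"

# Bring "serial=00:ab:cd" and "ABCD" to the same form: bare uppercase hex,
# without the leading 00 byte some certificate viewers display.
normalize_serial() {
    printf '%s\n' "$1" | sed 's/^serial=//' | tr -d ': ' |
        tr 'a-f' 'A-F' | sed 's/^\(00\)*\(..\)/\2/'
}

# Print "serial=<hex>" for the leaf certificate a server presents.
# echo "" closes stdin so s_client exits instead of waiting for input.
fetch_serial() {
    echo "" | openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null |
        openssl x509 -noout -serial 2>/dev/null
}

# Read the inventory on stdin, print one verdict per host, and return 1
# if any host is unreachable or still serves a different certificate.
audit_hosts() {
    failed=0
    while read -r target expected; do
        case "$target" in ''|'#'*) continue ;; esac
        case "$target" in
            *:*) host=${target%:*}; port=${target##*:} ;;
            *)   host=$target; port=443 ;;
        esac
        want=$(normalize_serial "$expected")
        if ! raw=$(fetch_serial "$host" "$port") || [ -z "$raw" ]; then
            printf '%s UNREACHABLE\n' "$target"; failed=1; continue
        fi
        got=$(normalize_serial "$raw")
        if [ "$got" = "$want" ]; then
            printf '%s OK serial=%s\n' "$target" "$got"
        else
            printf '%s STALE serial=%s expected=%s\n' "$target" "$got" "$want"
            failed=1
        fi
    done
    return "$failed"
}

# Usage: sh audit.sh inventory.txt
if [ "$#" -ge 1 ]; then audit_hosts < "$1"; fi
```

The expected serial for each host can be read from the newly issued certificate file with `openssl x509 -noout -serial -in newcert.pem`. A STALE result means the server is still presenting a certificate other than the re-issued one, for example because the web server was not restarted.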