Command line tool for fetching and analyzing SSL certificate

Following the heartbleed vulnerability in openSSL, all the SSH certificate on our servers were re-issued and re-installed.

Since it is likely that we've missed something on a server (for example, restarting Apache), we are checking the servers manually by clicking the key logo in Chrome:

enter image description here

This is slow and error prone. Is there a command line tool that can fetch the certificate ID/Serial number from a server?

Update

I ended up using a variation on MichelZ's answer:

echo "" | openssl s_client -showcerts -status -verify 0 \
        -connect www.mydomain.com:443 2>&1 | \
        egrep "Verify return|subject=/serial"
  • echo is necessary for openssl to exit (it waits for input otherwise).
  • -verify 0 verifies the certificate.
  • 2>&1 redirects standard error to standard output
  • egrep shows only the validation status and the serial number.

You can use OpenSSL to retrieve the certificate:

openssl s_client -showcerts -connect some_server:server_port