How to extract X.509 certificate from live network traffic automatically on Linux OS
Are you trying to specifically extract it from a packet capture, or are you wanting to just grab the cert from the command line during the handshake?
If you are just needing to grab the cert itself, you can do the following:
echo | openssl s_client -connect sub.domain.tld:443 | openssl x509 -noout -text
If you run the command without piping back to openssl
, then you can see a lot more details about the certificate, but the second openssl
command extracts the certificate itself.
The echo
pipe is required in order for the OpenSSL shell to exit cleanly in order to return to your Bash prompt.
This will obviously write everything to STDOUT. If you want to save the certificate, you will need to redirect to a file by ending the command with > filename.crt
. If there are any errors in the certificate chain, they will not end up in the file, but will instead be written to STDERR.