How to extract X.509 certificate from live network traffic automatically on Linux OS

linux ssl-certificate network-traffic

Are you trying to specifically extract it from a packet capture, or are you wanting to just grab the cert from the command line during the handshake?

If you are just needing to grab the cert itself, you can do the following:

echo | openssl s_client -connect sub.domain.tld:443 | openssl x509 -noout -text

If you run the command without piping back to openssl, then you can see a lot more details about the certificate, but the second openssl command extracts the certificate itself.

The echo pipe is required in order for the OpenSSL shell to exit cleanly in order to return to your Bash prompt.

This will obviously write everything to STDOUT. If you want to save the certificate, you will need to redirect to a file by ending the command with > filename.crt. If there are any errors in the certificate chain, they will not end up in the file, but will instead be written to STDERR.

Related

Create a new objectClass in order to add a custom attribute to an existing objectClass
Setting up IPSEC on LAN between two hosts (OpenBSD)
Nginx: How to redirect to https, but not for subdomain
ZFS keeps faulting the same device
Are caching proxy servers still be helpful for saving bandwith, now that major services have migrated to https?
Nginx + Wordpress in subdirectory
Does zfs send scrub the sent data?
mdadm - stuck reshape operation
Run javascript function on cells of CSV / excel file
vb.net select statement failing
Javascript regex for semicolon not in complex nested quotes
visual studio code error ) expected css-rparentexpected version 1.62.2?