How to save a remote server SSL certificate locally as a file

certificate ssl

If you have access to OpenSSL, try 

openssl s_client -connect {HOSTNAME}:{PORT} -showcerts

replacing {HOSTNAME} and {PORT} with whatever your values are.


A quick method to get the certificate pulled and downloaded would be to run the following command which pipes the output from the -showcerts to the x509 ssl command which just strips everything extraneous off. For example:

openssl s_client -showcerts -connect server.edu:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >mycertfile.pem

To use the certificate, with wget,

wget https:/server.edu:443/somepage --ca-certificate=mycertfile.pem

To be honest, I have never tried this before (never needed to) however, I have just tried in Firefox and it seems to work for saving:

  1. Click on the SSL certificate icon at the top / Padlock at the bottom.
  2. Click View Certificate
  3. Click on the Details Tab
  4. Chose which certificate you want from the hierarchy [not circled in picture]
  5. Click Export

alt text


Exporting a certificate using the Chrome browser

  1. Connect to the website using SSL (https://whatever)

2. Click on the lock symbol and then click on Details

  1. Since Chrome version 56, you do the following: go to the Three Dots Menu -> More Tools -> Developer Tools, then click on the Security Tab. This will give you a Security Overview with a View certificate button.

  2. Click on the View certificate button.

    A modal window will open. It has two panes. The top one shows the trust hierarchy of the site's certificate (the last one listed), the intermediate certificate(s), and the root certificate (the topmost one).

    The second, larger pane, shows the details of one of the certificates.

    There may be zero or more intermediate certificates.

    Note that the root certificate has a gold-bordered icon. The others have a blue border.

    See the screen shot below.

  3. To export a certificate:

    1. First click on the certificate's icon in the trust hierarchy.
    2. The certificate will be shown in the main part of the modal.
    3. Click on the certificate's large icon in the main part of the modal. Drag the icon to your desktop. Chrome will then copy the certificate to your desktop.

enter image description here


This is gbroiles' answer, but I wanted to point out that the cURL project has a page with a few more details on using openssl to save the remote server's SSL certificate:

  • openssl s_client -connect {HOSTNAME}:{PORT} | tee logfile
  • Type QUIT and press the Enter / Return key.
  • The certificate will be listed between "BEGIN CERTIFICATE" and "END CERTIFICATE" markers.

  • If you want to see the data in the certificate, you can use:

    openssl x509 -inform PEM -in certfile -text -out certdata

    where certfile is the certificate extracted from logfile. Look in certdata.

Related

How to remove an entry from Chrome's Remembered URLs from the url bar?
What is the difference between executing a Bash script vs sourcing it?
Can I make cURL fail with an exitCode different than 0 if the HTTP status code is not 200?
How can I resume a stopped job in Linux?
How to check which apache modules are enabled/installed?
How do I exit telnet?
How to enable execution of PowerShell scripts?
What is randomart produced by ssh-keygen?
How do I rename a session in tmux?
An SSH tunnel via multiple hops
How to download files from command line in Windows like wget or curl
How to check if a binary is 32 or 64 bit on Windows?