With SNI:
If the remote server is using SNI (that is, sharing multiple SSL hosts on a single IP address) you will need to send the correct hostname in order to get the right certificate.
|
1 2 3 4 |
## Example openssl s_client -showcerts \ -servername www.example.com \ -connect www.example.com:443 |
Without SNI:
If the remote server is not using SNI, then you can skip -servername parameter.
|
1 2 3 |
## Example openssl s_client -showcerts \ -connect www.example.com:443 |
To view the full details of a sites cert you can use this chain of commands as well:
|
1 2 3 4 |
## Example echo | openssl s_client -servername www.example.com \ -connect www.example.com:443 2>/dev/null | \ openssl x509 -text |