Download an SSL Certificate using a one-liner!

Had a task today to sync up an SSL certificate; the only problem is I didn’t have the certificate, nor could I find it anywhere. I knew I could use openssl and get a printout, but I wanted an actual file in my tmp directory. So, obviously, start with the basics…

openssl s_client -connect HOST:PORTNUMBER

Simple, straightforward… next, how do I pipe this to a file? My gut told me:

openssl s_client -connect HOST:PORTNUMBER > /tmp/out.cert

Well… that worked… sort of. I want to be able to terminate this so I don’t have to hit Ctrl+C. Well, what if I pipe it to echo…

echo | openssl s_client -connect HOST:PORTNUMBER

Bingo! That worked marvelously! But wait…drats…extra stuff about the cert chain. Googled around and found someone already did the heavy lifting using sed!

echo | openssl s_client -connect HOST:PORTNUMBER | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/websitessl.cert

Awesome! Now I have a clean importable cert. That will save the certificate to /tmp/websitessl.cert.

Thanks Sean and Vinay from Serverfault. They actually had some extra tips I picked up too!

1) You can use -showcerts if you want to download all the certificates in the chain. But if you just want to download the server certificate, there is no need to specify -showcerts.

2) echo -n gives a response to the server, so that the connection is released.

So TLDR is, just use:

echo -n | openssl s_client -connect HOST:PORTNUMBER | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/websitessl.cert
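For the -showcerts case from tip 1, here is an added example (not from the original post or the Serverfault answers) that splits the chain into one PEM file per certificate and prints the subject, issuer, expiry and SHA-256 fingerprint of each, so a file can be compared against a known-good value before it is imported anywhere. The function names, the www.example.test names and the certificate bodies in sample_output are constructed placeholders.

```sh
# Added example: split an s_client -showcerts chain into one file per cert.

# Read s_client output on stdin, write DIR/cert-1.pem, DIR/cert-2.pem, ...
# and print the number of certificates written.
split_chain() {
    awk -v dir="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }'
}

# -servername sends SNI so a host serving several sites returns the right
# certificate; </dev/null gives s_client EOF on stdin, like "echo -n |".
fetch_chain() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null | split_chain "$3"
}

# Fields to check against a known-good source before importing the file.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Constructed -showcerts output (placeholder bodies, not real certificates),
# used to exercise split_chain offline.
sample_output() {
    cat <<'EOF'
Certificate chain
 0 s:CN = www.example.test
   i:CN = Example Test Intermediate
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFBODY
-----END CERTIFICATE-----
 1 s:CN = Example Test Intermediate
   i:CN = Example Test Root
-----BEGIN CERTIFICATE-----
CONSTRUCTEDINTERMEDIATEBODY
-----END CERTIFICATE-----
---
Server certificate
EOF
}

# Usage: sh fetch_chain.sh HOST PORT [DIR]
if [ "$#" -ge 2 ]; then
    dir=${3:-$(mktemp -d)}
    fetch_chain "$1" "$2" "$dir" >/dev/null
    for f in "$dir"/cert-*.pem; do echo "$f"; describe_cert "$f"; done
fi
```

cert-1.pem is the server certificate; the later files are the intermediates the server sent along with it.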

