Yaroslav Polyakov

showcert: human-friendly openssl

showcert is an easy-to-use CLI tool to show and verify local (.pem) and remote SSL certificates.

showcert covers only a small part (1%) of openssl's functions, the ones that are used most often (99%), but it is simple and easy to use.

Install: pip3 install showcert

Usage:

$ showcert github.com
IP: 140.82.121.3
Names: github.com www.github.com
notBefore: 2022-03-15 00:00:00 (182 days old)
notAfter: 2023-03-15 23:59:59 (183 days left)
Issuer: C=US O=DigiCert Inc CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1

Also:

# show certificate from local file, or from stdin if path is -
showcert /etc/ssl/certs/ssl-cert-snakeoil.pem

# check all *.pem files in current directory, and warn if any expires soon. Add `-q` for quiet mode
showcert *.pem -w

# show certificate for gmail POP3 over SSL
showcert pop.gmail.com:995 

# show cert for yandex POP3. Yes, it will do STARTTLS automatically
showcert pop.yandex.ru:110 

# connect to localhost, but ask to show cert for google.com (SNI)
# -i = insecure, ignore verification error
showcert -i -n google.com localhost 

# 'steal' remote server fullchain.pem (without privkey, obviously)
showcert google.com --chain -o pem > fullchain.pem

#
# LetsEncrypt specific features:
#

# Warn if a certificate expires in less than 10 days. Non-zero exit if at least one certificate is expiring.
# same as `showcert -w 10 /etc/letsencrypt/live/*/fullchain.pem`

showcert -w 10 :le

# list all names from certificate (as -o names), but each name prepended with -d. 
# e.g. `-d example.com -d www.example.com`
showcert -o dnames example.com

# Useful with certbot to generate a new certificate from an existing cert or site. E.g.:
# (certbot takes the webroot path via -w; --webroot only selects the plugin)
certbot certonly --webroot -w /var/www/PATH `showcert -o dnames example.com`

See more in the GitHub repo: https://github.com/yaroslaff/showcert
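To make the fields in the output above and the `-w` expiry check concrete, here is an added example using only Python's standard `ssl` module; it is not showcert's own code and does not reproduce its implementation. The function names, the sample certificate dict (constructed from the github.com output above) and the assumed "now" timestamp are illustrative.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, sni=None, timeout=5.0):
    """Fetch a verified peer certificate over direct TLS (no STARTTLS).
    sni overrides the name sent in the handshake, like -n above."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni or host) as tls:
            return tls.getpeercert()

def _utc(cert_time):
    # getpeercert() dates look like "Mar 15 00:00:00 2022 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def dns_names(cert):
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def summarize(cert, now):
    """Names plus whole days since notBefore and until notAfter."""
    return {
        "names": dns_names(cert),
        "days_old": (now - _utc(cert["notBefore"])).days,
        "days_left": (_utc(cert["notAfter"]) - now).days,
    }

def expiring(certs, now, warn_days):
    """Labels of certificates with fewer than warn_days left (expired included)."""
    return [label for label, cert in certs.items()
            if summarize(cert, now)["days_left"] < warn_days]

def dnames(cert):
    """Certificate names formatted as certbot -d arguments."""
    return " ".join(f"-d {name}" for name in dns_names(cert))

# Constructed sample in the shape getpeercert() returns, from the output above.
SAMPLE = {
    "subjectAltName": (("DNS", "github.com"), ("DNS", "www.github.com")),
    "notBefore": "Mar 15 00:00:00 2022 GMT",
    "notAfter": "Mar 15 23:59:59 2023 GMT",
}
SAMPLE_NOW = datetime(2022, 9, 13, 12, 0, tzinfo=timezone.utc)  # assumed run time

if __name__ == "__main__":
    print(summarize(SAMPLE, SAMPLE_NOW), dnames(SAMPLE))
    # Non-zero exit when at least one certificate is inside the warning window.
    raise SystemExit(1 if expiring({"sample": SAMPLE}, SAMPLE_NOW, 10) else 0)
```

For a live check, pass the result of `fetch_cert("example.com")` and `datetime.now(timezone.utc)` to `summarize` instead of the constructed sample.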
