showcert is easy to use CLI tool with to show/verify local (.pem) and remote SSL certificates.
showcert does only (1%) most often-used (99%) functions of openssl, but simple and easy to use.
Install: pip3 install showcert
Usage:
$ showcert github.com
IP: 140.82.121.3
Names: github.com www.github.com
notBefore: 2022-03-15 00:00:00 (182 days old)
notAfter: 2023-03-15 23:59:59 (183 days left)
Issuer: C=US O=DigiCert Inc CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
Also:
# show certificate from local file, or from stdin if path is -
showcert /etc/ssl/certs/ssl-cert-snakeoil.pem
# check all *.pem files in current directory, and warn if any expires soon. Add `-q` for quiet mode
showcert *.pem -w
# show certificate for gmail POP3 over SSL
showcert pop.gmail.com:995
# show cert for yandex POP3. Yes, it will do STARTTLS automatically)
showcert pop.yandex.ru:110
# connect to localhost, but ask to show cert for google.com (SNI)
# -i = insecure, ignore verification error
showcert -i -n google.com localhost
# 'steal' remote server fullchain.pem (without privkey, obviously)
showcert google.com --chain -o pem > fullchain.pem
#
# LetsEncrypt specific features:
#
# Warn if expire in less then 10 days. Non-zero exit if at least one certificate is expiring.
# same as `showcert -w 10 /etc/letsencrypt/live/*/fullchain.pem
showcert -w 10 :le
# list all names from certificate (as -o names), but each name prepended with -d.
# e.g. `-d example.com -d www.example.com`
showcert -o dnames example.com
# Useful to use with certbot to generate new certificate from existing cert or site. E.g.:
certbot certonly --webroot /var/www/PATH `showcert -o dnames example.com`
Seem more on GitHub repo: https://github.com/yaroslaff/showcert
Top comments (0)