1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
# x509-info
[](https://ci.fcuny.net/fcuny/x509-info)
At this point it's pretty clear that I'll never remember the syntax for `openssl` to show various information about a certificate. At last I will not have to google for that syntax ever again.
## Usage
``` shell
$ Usage: x509-info [OPTIONS] <DOMAIN>
Arguments:
<DOMAIN>
Domain to check
Options:
-p, --port <PORT>
Port to check
[default: 443]
-i, --insecure
Accept invalid certificate
-f, --format <FORMAT>
[default: short]
Possible values:
- short: Format the output as one line of plain text
- long: Format the output as plain text
-h, --help
Print help information (use `-h` for a summary)
-V, --version
Print version information
```
The default format will print a short message:
``` shell
$ x509-info twitter.com
twitter.com: Mon, 11 Dec 2023 15:59:59 -0800 (257 days left)
```
It's possible to get more details:
``` shell
$ x509-info --format=long twitter.com
certificate
version: V3
serial: 0a:2c:01:b8:2b:5d:47:73:9a:5a:01:1a:6f:dc:1a:20
subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., CN=twitter.com
issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
validity
not before : Sat, 10 Dec 2022 16:00:00 -0800
not after : Mon, 11 Dec 2023 15:59:59 -0800
validity days : 365
remaining days: 257
SANs:
DNS:twitter.com
DNS:www.twitter.com
```
You can also check expired certificates:
``` shell
$ x509-info --insecure expired.badssl.com
<no name>: Sun, 12 Apr 2015 16:59:59 -0700 (it expired -2907 days ago)
```
## Notes
Could the same be achieved with a wrapper around `openssl` ? yes.
|
