Table of contents SNI stands for Server Name Indication openssl s_client -connect 192.168.0.1:443 </dev/null>/dev/null \
| openssl x509 -text -noout \
| grep -i "subject:\|dns:\|signature algorithm:\|issuer:\|validity\|not before\|not after" \
| sed \$d
OpenSSL without defining -servername flag, it sends non-sni by default. You can use hostname instead of IP, run openssl s_client -connect google.com:443. Check certificate for hostname in the SNI Use flag -servername my.domain.com openssl s_client -connect 192.168.0.1:443 -servername my.domain.com \
| openssl x509 -text -noout \
| grep -i "subject:\|dns:\|signature algorithm:\|issuer:\|validity\|not before\|not after" \
| sed \$d
openssl s_client -connect 192.168.0.1:443 -servername my.domain.com < /dev/null>/dev/null \
| openssl x509 -noout -text \
| grep 'DNS:\|Issuer:\|Subject:\|Not Before:\|Not After';
openssl s_client -connect my.domain.com:443 -servername domain.com
openssl s_client -connect 192.168.0.1:443 -servername my.domain.com -tls1
openssl s_client -connect my.domain.com:443 -servername my.domain.com -showcerts
Download the certificate (named: my_root.pem) on to Desktop, and change directory cd ~/Desktop, run below command. openssl x509 -in ~/Downloads/my_root.pem -text -noout
openssl s_client -servername my.domain.com -connect 192.168.0.1:443 2> /dev/null \
| openssl x509 -noout -dates
Assuming private key uses RSA, save both certificate and key in the directory of Desktop, cd ~/Desktop, then run below 2 OpenSSL command to check if certificate and key matches. openssl x509 –noout –modulus –in ~/Desktop/example.crt | openssl md5
openssl rsa –noout –modulus –in ~/Desktop/example.key | openssl md5