Skip to content

Instantly share code, notes, and snippets.

@shamil

shamil/ssl_info.md

Last active December 28, 2017 13:53
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save shamil/dcfa9c1af93beaa2a217e2dfc5ae87a0 to your computer and use it in GitHub Desktop.
Save shamil/dcfa9c1af93beaa2a217e2dfc5ae87a0 to your computer and use it in GitHub Desktop.
Download ZIP
Displaying a remote SSL certificate details using CLI tools
Raw
ssl_info.md

From: https://serverfault.com/a/881415

nmap -p 443 --script ssl-cert gnupg.org

The -p 443 specifies to scan port 443 only. All ports will be scanned if it is omitted, and the certificate details for any SSL service that is found will be displayed. The --script ssl-cert tells the Nmap scripting engine to run only the ssl-cert script. From the doc, this script "(r)etrieves a server's SSL certificate. The amount of information printed about the certificate depends on the verbosity level."

Sample output:

Starting Nmap 7.40 ( https://nmap.org ) at 2017-11-01 13:35 PDT
Nmap scan report for gnupg.org (217.69.76.60)
Host is up (0.16s latency).
Other addresses for gnupg.org (not scanned): (null)
rDNS record for 217.69.76.60: www.gnupg.org
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=gnupg.org
| Subject Alternative Name: DNS:gnupg.org, DNS:www.gnupg.org
| Issuer: commonName=Gandi Standard SSL CA 2/organizationName=Gandi/stateOrProvinceName=Paris/countryName=FR
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2015-12-21T00:00:00
| Not valid after:  2018-03-19T23:59:59
| MD5:   c3a7 e0ed 388f 87cb ec7f fd3e 71f2 1c3e
|_SHA-1: 5196 ecf5 7aed 139f a511 735b bfb5 7534 df63 41ba

Nmap done: 1 IP address (1 host up) scanned in 2.31 seconds
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment