Skip to content

Instantly share code, notes, and snippets.

Last active Dec 28, 2017
What would you like to do?
Displaying a remote SSL certificate details using CLI tools


nmap -p 443 --script ssl-cert

The -p 443 specifies to scan port 443 only. All ports will be scanned if it is omitted, and the certificate details for any SSL service that is found will be displayed. The --script ssl-cert tells the Nmap scripting engine to run only the ssl-cert script. From the doc, this script "(r)etrieves a server's SSL certificate. The amount of information printed about the certificate depends on the verbosity level."

Sample output:

Starting Nmap 7.40 ( ) at 2017-11-01 13:35 PDT
Nmap scan report for (
Host is up (0.16s latency).
Other addresses for (not scanned): (null)
rDNS record for
443/tcp open  https
| ssl-cert: Subject:
| Subject Alternative Name:,
| Issuer: commonName=Gandi Standard SSL CA 2/organizationName=Gandi/stateOrProvinceName=Paris/countryName=FR
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2015-12-21T00:00:00
| Not valid after:  2018-03-19T23:59:59
| MD5:   c3a7 e0ed 388f 87cb ec7f fd3e 71f2 1c3e
|_SHA-1: 5196 ecf5 7aed 139f a511 735b bfb5 7534 df63 41ba

Nmap done: 1 IP address (1 host up) scanned in 2.31 seconds
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment