Using Openssl to Get the Certificate from a Server

It turns out there is more complexity here: I needed to provide many more details to get this rolling. I think it's something to do with the fact that it's a connection that needs client authentication, and the handshake needed more info to continue to the stage where the certificates were dumped.

Here is my working command:

openssl s_client -connect host:port -key our_private_key.pem -showcerts \
-cert our_server-signed_cert.pem

Hopefully this is a nudge in the right direction for anyone who could do with some more info.

openssl s_client -showcerts -servername xyz -connect xyz:443 hangs for a long time

openssl s_client is designed to be interactive and, by default, it waits for your input. So you should either put echo | in front of the command or </dev/null after it.

You can also add a timeout in case a server cannot be reached.

This is how I do it in a script which verifies dates on different servers and services:

timeout "$timeout" \
openssl s_client -showcerts -connect "$server:$port" </dev/null 2>/dev/null \
| openssl x509 -noout -subject -dates
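The following script is an added example and is not code from either answer above. It builds a throwaway private CA with one server and one client certificate, starts a local openssl s_server that requires a client certificate, and then fetches the server certificate the way the first answer describes (s_client with -cert/-key and -showcerts), wrapped in the </dev/null and timeout safeguards the second answer recommends, before checking its expiry with openssl x509 -checkend. The host names, file names, validity periods and the port are assumptions for the demo; it assumes openssl 1.1.1 or later, and uses GNU timeout only if it is installed.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumptions: openssl 1.1.1+,
# a free local port, demo names below. Builds a tiny PKI, runs a server that
# REQUIRES a client cert, and fetches/inspects the server cert with s_client.
set -eu

WORK=$(mktemp -d)
PORT=$((20000 + $$ % 10000))             # assumed-free local port
SERVER_PID=
trap 'kill "$SERVER_PID" 2>/dev/null || true; rm -rf "$WORK"' EXIT
# GNU timeout bounds an unreachable host; degrade gracefully if it is absent.
if command -v timeout >/dev/null 2>&1; then TIMEOUT="timeout 10"; else TIMEOUT=""; fi

# Private CA plus one server and one client certificate it signs (1-day validity).
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj '/CN=Demo Root CA' -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    for name in server client; do
        openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=demo-$name" \
            -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
        openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
            -CAcreateserial -sha256 -days 1 -out "$WORK/$name.pem" 2>/dev/null
    done
}

# Server that demands a client cert chained to our CA: capital -Verify requires
# one, lowercase -verify merely asks. -www makes it answer HTTP and ignore stdin.
start_server() {
    openssl s_server -accept "$PORT" -www -cert "$WORK/server.pem" -key "$WORK/server.key" \
        -CAfile "$WORK/ca.pem" -Verify 1 >"$WORK/server.log" 2>&1 &
    SERVER_PID=$!
    for _ in 1 2 3 4 5 6 7 8 9 10; do     # s_server prints ACCEPT once it is listening
        grep -q ACCEPT "$WORK/server.log" 2>/dev/null && return 0
        sleep 1
    done
    echo "server did not start" >&2; return 1
}

# fetch_cert HOST PORT [CLIENT_CERT CLIENT_KEY]: print the server's leaf cert as PEM.
# </dev/null stops s_client waiting for input; -servername sends SNI, which many
# real servers need to pick the right certificate. $extra is split on purpose.
fetch_cert() {
    host=$1; port=$2; extra=
    [ $# -ge 4 ] && extra="-cert $3 -key $4"
    $TIMEOUT openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
        $extra </dev/null 2>/dev/null | openssl x509 -outform PEM
}

# Exit 0 if the cert is still valid DAYS days from now (openssl x509 -checkend).
cert_ok_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

cert_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

make_pki
start_server
fetch_cert localhost "$PORT" "$WORK/client.pem" "$WORK/client.key" >"$WORK/fetched.pem"
openssl x509 -in "$WORK/fetched.pem" -noout -subject -dates
cert_ok_for_days "$WORK/fetched.pem" 0 && echo "valid today"
cert_ok_for_days "$WORK/fetched.pem" 2 || echo "expires within 2 days (it was issued for 1)"
```

Run it without the client certificate arguments to see the handshake being rejected by the server; with them, the fetched certificate's SHA-256 fingerprint matches the server.pem the script generated, and -checkend gives a script-friendly exit status for expiry monitoring instead of parsing the notAfter date by hand.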

How to generate a self-signed SSL certificate using OpenSSL?

You can do that in one command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

You can also add -nodes (short for "no DES") if you don't want to protect your private key with a passphrase. Otherwise it will prompt you for an "at least 4 character" password.

The days parameter (365) can be replaced with any number to change the expiration date. It will then prompt you for things like "Country Name", but you can just hit Enter and accept the defaults.

Add -subj '/CN=localhost' to suppress questions about the contents of the certificate (replace localhost with your desired domain).

Self-signed certificates are not validated by any third party unless you have previously imported them into your browsers. If you need more security, you should use a certificate signed by a certificate authority (CA).
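The script below is an added example, not code from the answer above. It runs the same one-command generation non-interactively (-subj plus -nodes), but also adds a subjectAltName with -addext, because current browsers ignore the CN and reject a certificate with no SAN. It then makes the "not validated by a third party" point concrete: openssl verify fails against the system trust store and succeeds only when the certificate is explicitly trusted, which is what importing it into a browser does. The host name, file names and validity period are assumptions for the demo; -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumptions: openssl 1.1.1+,
# demo host name "localhost", files written to a temporary directory.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# gen_self_signed HOST DAYS: self-signed cert plus unencrypted key (-nodes;
# OpenSSL 3 also accepts -noenc). The SAN is what browsers actually match on.
gen_self_signed() {
    host=$1; days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,IP:127.0.0.1" \
        -keyout "$WORK/$host.key" -out "$WORK/$host.pem" 2>/dev/null
}

# Print the SAN entries of a certificate (empty if it has none).
cert_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Exit 0 if the cert chains to the system trust store (a self-signed one won't).
verifies_with_system_store() {
    openssl verify "$1" >/dev/null 2>&1
}

# Exit 0 once the cert itself is the trust anchor, as after a browser import.
verifies_when_trusted() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

gen_self_signed localhost 365
echo "SAN: $(cert_san "$WORK/localhost.pem")"
if verifies_with_system_store "$WORK/localhost.pem"; then
    echo "system store: trusted"
else
    echo "system store: NOT trusted (self-signed, no CA in the chain)"
fi
verifies_when_trusted "$WORK/localhost.pem" && echo "explicit trust: OK"
```

The CA:TRUE basic constraint that openssl req -x509 puts on the certificate by default is harmless for a local test server but is one more reason not to reuse such a certificate anywhere a real CA-issued one is expected.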
