SoFunction
Updated on 2025-03-03

Viewing a server certificate on Linux (keytool and openssl)

To view a server's certificate, you can either import the server's public key certificate file or fetch the certificate directly from the server and view it.

Common methods are as follows:

Method 1: Fetch and view the certificate directly from the server

You can use keytool to connect to the remote server's port and view its SSL/TLS certificate:

keytool -printcert -rfc -sslserver <hostname>:<port>
  • <hostname>: The host name or IP address of the server.
  • <port>: The SSL/TLS port number the server uses, usually 443 (HTTPS) or another port.

Assume that you need to view a website's certificate:

keytool -printcert -rfc -sslserver :443

After running this command, you will see the server's certificate details, including all certificates in the certificate chain, issuer information, public key, validity period, etc.

Method 2: Fetch and view the certificate through openssl

If you don't want to use keytool for the connection, you can use the openssl tool to fetch the server-side certificate and then inspect it with keytool:

1. Use openssl to fetch the server certificate

openssl s_client -connect <hostname>:<port> -showcerts

This outputs the server's certificate chain, including the server certificate and other certificates in the chain.

2. Save the certificate

Save the certificate to a file.

3. Use keytool to view the certificate

keytool -printcert -file 
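
The three steps of Method 2 as one script. This is an added example, not part of the original article. It turns the "save the certificate" step into a function that writes each certificate of the -showcerts output to its own PEM file. The function names, the cert- file prefix and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: split `openssl s_client -showcerts` output into PEM files.

# split_chain PREFIX: read s_client output on stdin, write PREFIX-0.pem,
# PREFIX-1.pem, ... in the order the server sent them, print the count.
split_chain() {
    awk -v prefix="$1" '
        /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s-%d.pem", prefix, n); inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { if (inside) { close(out); n++ }; inside = 0 }
        END                           { print n + 0 }
    '
}

# fetch_chain HOST PORT PREFIX: the network step (defined here, not called).
# </dev/null ends the session after the handshake; -servername sends SNI so a
# name-based virtual host returns the certificate for HOST.
fetch_chain() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null | split_chain "$3"
}

# Constructed stand-in for s_client output; the bodies are placeholders, not
# real certificates, so keytool cannot parse the files written from it.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = server.example.test
   i:CN = Example Test CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFPLACEHOLDER==
-----END CERTIFICATE-----
 1 s:CN = Example Test CA
   i:CN = Example Test Root
-----BEGIN CERTIFICATE-----
CONSTRUCTEDCAPLACEHOLDER==
-----END CERTIFICATE-----
---
EOF
}

demo_dir=$(mktemp -d)
count=$(sample_s_client_output | split_chain "$demo_dir/cert")
echo "wrote $count certificate file(s) under $demo_dir"
# Against a real server: fetch_chain <hostname> <port> cert
# then: keytool -printcert -file cert-0.pem
```

A count of 0 means the handshake produced no certificate blocks, so check the host name and port before running keytool on the output files.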

Method 3: Download and view the certificate file

Sometimes the certificate file has already been downloaded from the server (e.g. a .cer or .crt file), and you can view it directly with keytool:

keytool -printcert -file <cert-file-path>
keytool -printcert -file 

Certificate information analysis

In the output, you can see the following information:

  • Owner: Certificate owner information (usually including CN, OU, O, L, ST, C, etc.).
  • Issuer: Certificate issuer information.
  • Serial number: The serial number of the certificate.
  • Valid from / to: The validity period of the certificate.
  • Signature algorithm: Signature algorithm (such as SHA256withRSA).
  • Public key: Details of the public key.

With these methods, you can easily view the server's certificate information and check whether the certificate is valid, or use it further for operations such as trust chain verification.

Summary

The above is based on personal experience. I hope it gives you a useful reference, and I hope you will support me more.