How to test an HTTP TLS cert from the command line

If you want to look at a web server’s cert from the command line you can just do:

openssl s_client -connect REPLACE_WITH_DOMAIN_OR_IP:443 -servername REPLACE_WITH_DOMAIN

For instance:

openssl s_client -connect microsoft.com:443 -servername microsoft.com

If your DNS isn’t resolving to the host yet (maybe you haven’t launched the site yet but you want to make sure the cert is working) you can put the IP address into the first parameter (-connect) and the host into the second parameter (-servername), which sets the SNI name sent in the TLS handshake. For instance:

openssl s_client -connect 191.239.213.197:443 -servername microsoft.com

If you want to also issue an HTTP request using this secure connection you can pipe an echo command with standard HTTP request headers:

(echo -ne "GET / HTTP/1.1\r\nHost: microsoft.com\r\n\r\n" ; cat ) | \
openssl s_client -connect microsoft.com:443 -servername microsoft.com
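To turn the pre-DNS check above into a pass/fail test rather than reading the s_client dump by eye, the following added example (not part of the original post) pipes the served certificate into openssl x509 and checks hostname coverage and expiry. The function names fetch_cert and cert_report and the 14-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are this example's own, not from the post.

# fetch_cert HOST [ADDR]: print the server's leaf certificate as PEM.
# ADDR defaults to HOST; pass an IP to test before DNS points at the server.
fetch_cert() {
    host=$1
    addr=${2:-$1}
    # </dev/null closes stdin so s_client exits once the handshake is done.
    openssl s_client -connect "$addr:443" -servername "$host" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# cert_report HOST [DAYS]: read a PEM certificate on stdin, print its details,
# and return non-zero if it does not cover HOST or expires within DAYS days.
cert_report() {
    host=$1
    days=${2:-14}
    pem=$(cat)
    # Fail early (status 2) if stdin did not contain a parseable certificate.
    printf '%s\n' "$pem" | openssl x509 -noout -subject -issuer -dates || return 2
    # Show the SAN list when present; its absence is not treated as an error here.
    printf '%s\n' "$pem" | openssl x509 -noout -ext subjectAltName 2>/dev/null || true
    rc=0
    # -checkhost reports "does match" or "does NOT match" on stdout.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkhost "$host" |
        grep -q 'does match'; then
        echo "FAIL: certificate does not cover $host"
        rc=1
    fi
    # -checkend exits non-zero if the cert expires within the given seconds.
    if ! printf '%s\n' "$pem" |
        openssl x509 -noout -checkend $((days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $days days"
        rc=1
    fi
    return $rc
}

# Usage: fetch_cert microsoft.com 191.239.213.197 | cert_report microsoft.com
```

These checks cover the name and the validity window only; they do not validate the chain to a trusted root, which s_client reports separately in its "Verify return code" line.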
