OpenSSL notes

Get the certificates of a server

openssl s_client -showcerts -servername jmm.io -connect jmm.io:443 </dev/null | openssl x509 -text

Pinned pubkey hashes

See my curl notes for how to get the hash of the pubkey of a certificate. I’ve reproduced that command here:

openssl s_client -connect jmm.io:443 -showcerts </dev/null 2>/dev/null | openssl x509 -pubkey -noout | openssl asn1parse -inform PEM -noout -out - | openssl dgst -sha256 -binary | basenc --base64 | (read -r input; echo "sha256//$input")

This outputs “sha256//oeSYWhLYsGSE4dRlJtO7Mgytfe/6v7ssr9tBFHFEKAc=”.
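
As an added example (not part of the original notes), here is the same pin computed from a certificate file. It shows that the pin follows the key rather than the certificate: a renewed certificate on the same key still matches, a re-keyed one does not. It uses `openssl pkey -pubin -outform DER` and `openssl base64` in place of `asn1parse` and `basenc`. The function names and the throwaway `.test` certificates are constructed for this example, and `spki_pin` fails rather than hashing empty input when no certificate could be read.

```sh
# Added example. All keys and certificates are constructed locally in a
# temp directory; no server is contacted.

# spki_pin CERT.pem: print "sha256//<base64>" over the DER SubjectPublicKeyInfo.
# Fails instead of hashing empty input when the file holds no certificate.
spki_pin() {
    _pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$_pub" ] || return 1
    _b64=$(printf '%s\n' "$_pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -binary \
        | openssl base64) || return 1
    printf 'sha256//%s\n' "$_b64"
}

# check_pin CERT.pem EXPECTED_PIN: succeed only if the certificate's key matches.
check_pin() {
    _got=$(spki_pin "$1") || return 2
    [ "$_got" = "$2" ]
}

# Throwaway P-256 key, and a self-signed certificate for an existing key.
new_key()  { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null; }
new_cert() { openssl req -new -x509 -key "$1" -subj "/CN=$2" -days 1 -out "$3" 2>/dev/null; }

# Build the three constructed cases in directory $1.
make_fixtures() {
    new_key "$1/a.key" && new_key "$1/b.key" &&
    new_cert "$1/a.key" original.test "$1/a1.pem" &&  # first certificate
    new_cert "$1/a.key" renewed.test  "$1/a2.pem" &&  # renewed, same key
    new_cert "$1/b.key" rekeyed.test  "$1/b.pem"      # renewed, new key
}

dir=$(mktemp -d) && make_fixtures "$dir" || exit 1
pin=$(spki_pin "$dir/a1.pem")
echo "pin:               $pin"
check_pin "$dir/a2.pem" "$pin" && echo "renewed, same key: match"
check_pin "$dir/b.pem"  "$pin" || echo "renewed, new key:  MISMATCH"
rm -rf "$dir"
```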