Links
- Website
- https://www.openssl.org/
- Documentation
- https://docs.openssl.org/master/
Get certificates of some server
openssl s_client -showcerts -servername jmm.io -connect jmm.io:443 </dev/null | openssl x509 -text
Pinned pubkey hashes
See my curl notes for how to get the hash of the pubkey of a certificate. I’ve reproduced that command here:
openssl s_client -connect jmm.io:443 -showcerts </dev/null 2>/dev/null | openssl x509 -pubkey -noout | openssl asn1parse -inform PEM -noout -out - | openssl dgst -sha256 -binary | basenc --base64 | (read -r input; echo "sha256//$input")
This outputs “sha256//oeSYWhLYsGSE4dRlJtO7Mgytfe/6v7ssr9tBFHFEKAc=
”.