How to get the SSL certificate of a host?

If you know the hostname, you can download the SSL certificate by using Google Chrome, Mozilla Firefox, Internet Explorer or OpenSSL. Copy the hostname and paste it in the address bar of the browser of your choice and follow the steps corresponding to the selected browser given below.

Get SSL using Google Chrome

Export the SSL certificate of a hostname using Google Chrome:

1. Click the Secure button (a padlock) in an address bar.

2. Click the Certificate(Valid).

3. Go to the Details tab.

4. Click the Copy to File… button.

5. Click the Next button.

6. Select the “Base-64 encoded X.509 (.CER)” format and click the Next button.

7. Specify the name of the file you want to save the SSL certificate to.

8. Click the Next and the Finish buttons.

Get SSL using Mozilla Firefox

Export the SSL certificate of a hostname using Mozilla Firefox:

1. Click the Site Identity button (a padlock) in an address bar.

2. Click the Show connection details arrow.

3. Click the More Information button.

4. Click the View Certificate button.

5. Go to the Details tab.

6. Click the Export button.

7. Specify the name of the file you want to save the SSL certificate, keep the “X.509 Certificate (PEM)” format, and click the Save button.

Get SSL using Internet Explorer

Download and save the SSL certificate of a hostname using Internet Explorer:

1. Click the Security report button (a padlock) in an address bar.

2. Click the View Certificate button.

3. Go to the Details tab.

4. Click the Copy to File… button.

5. Click the Next button.

6. Select the “Base-64 encoded X.509 (.CER)” format and click the Next button.

7. Specify the name of the file you want to save the SSL certificate to.

8. Click the Next and the Finish buttons.

Get SSL using OpenSSL

Get the SSL certificates of a hostname using the OpenSSL command :

$ echo | openssl s_client -servername NAME -connect HOST:PORT |\
sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > certificate.crt

Explanation :

connect HOST:PORT - The host and port to connect to.

server name NAME - The TLS SNI (Server Name Indication) extension (website).

certificate.crt - Save the SSL certificate to this file.

Example:

$ echo | openssl s_client -servername einv.cleartax.in -connect einv.cleartax.in:443|\
sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > certificate.crt

Last updated