命令行中显示服务器使用的 TLS 证书

有时候需要检查对端服务器所使用的证书是不是符合预期, 如果是 HTTPS 服务可以通过浏览器来检查, 那如果对端服务器并不是一个 HTTPS 的服务, 那么就可以用下面的命令来检查(当然 HTTPS 也支持, 无差别 TLS):

1	openssl s_client -showcerts -verify_quiet -connect 6xyun.cn:443

这条命令会打印服务端口的 TLS 细节信息, 并且保持连接, 甚至可以使用这个命令模拟 HTTP 请求:

openssl s_client -showcerts -verify_quiet -connect 6xyun.cn:443
CONNECTED(00000188)
---
Certificate chain
 0 s:CN = 6xyun.cn
   i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIGITCCBQmgAwIBAgISBCN7YkMsTAgjIkxQrBK05/X1MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjEwMDUwMTM2MzJaFw0yMzAxMDMwMTM2MzFaMBMxETAPBgNVBAMT
CDZ4eXVuLmNuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2/Mo1783
mCo5k3Jp073EQk9dyP0eLQiZIiCDGybddn021y6p2D23anzVkRNWXHYFPY7dDY+q
S78KO8vKZnG090aHOipW7N+VbmMTBiHC0D/vkFaVmkQeSNSRcvcJwDi9gcfFH7Gm
J/v/aBrg1DziTNbBaA8mr05jS+wb9qo1KafhhWWMxAzaWkPowyN/R6w+uQC5JaWY
lBe/2Vh8jVEArebEMCbW9FtsLp9Hip5pJoeaCBX7A4pQAqQ6Q8uag37Ln/k0uEEU
7WlEeblR7BufYB0KnOC7Vh7ebDiSXnZhln1hpBLhLdFYh8DQBgcXMEULGDiyJ5q2
vlqjHXQAzR2QLYEV80inCM7PZQ7q+VlJ74VSGd2Rjt016XHOhAnK5n+z6/piMFux
U3KVE+3QGgi0s20TQim4lmCeXPiWQeSNITCv++kK65mxrV94RjdBUCZDI6q6Irbj
a9SEPlHb7eSnu9T+dbiPphiECotFspMDvAztKVnGYjJ9i70BmF/fyfxJi9YPmuXB
bCIx33Cu4EB+vQeg7zZowBCbSQdzK9I7+230gCf6FnLsf1X3b7Rv9CbcH6td8q8A
4nk0oSZMg+5xrHAIKudSEhxZwnNmE3Lr3pnQcoLNxMLeJU+E/ofsd2rehugCav3d
1aBHNJGQNyeqBKI5J/loyzPvh+hOR1KXNokCAwEAAaOCAk4wggJKMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
BAIwADAdBgNVHQ4EFgQUFH6GCsmjl049htvHjjUoAZKPwFgwHwYDVR0jBBgwFoAU
FC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzAB
hhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5p
LmxlbmNyLm9yZy8wHwYDVR0RBBgwFoIKKi42eHl1bi5jboIINnh5dW4uY24wTAYD
VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa
aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHx
AO8AdgB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYOmAHj5AAAE
AwBHMEUCIGi5/txj7Bj+lWrky+qaZb/tMshaBTYg6muSQJeWvbAMAiEA2rm0A7Nk
aSz+gFp25YzleXn1ZuTwDka1AZGGxvqdJNEAdQDfpV6raIJPH2yt7rhfTj5a6s2i
EqRqXo47EsAgRFwqcwAAAYOmAHrEAAAEAwBGMEQCIAHDNuihysfwv+vtnpp6hJxM
K/To30K4vfIk7N7HZOwLAiB2w85lSgXas7KPnUSnAdvL6KxTxuvVAdGs/zmJ0wAD
gTANBgkqhkiG9w0BAQsFAAOCAQEAf0uBET5G06lREmj6CabZrr44OSnnWaGuax7S
sVENmbt4+dZwm56/WZM/mD5mp7+9KmOERxhcXxhD7YqmI1jfniwf8R+b45mdIeMA
f+tqQFR3asZzAc1TAupyxh5WEOwEo86EBnOIUvgxjzfef1AemBYLcVT4RB5XOgE8
rf+ogJjsv7nsgl+E14fQBNyjnE5nLtEwVjaWseXpHXBbHC8OrGXwb2UCAVDeDvT2
sNIAwaalr0O0TQAJbb/F+nmcwepUwIOJwvTElLw/iaFLP1OZBLsey+9mBxvKyPx/
094+td6lWXeC11x7kXodsSagb02mTRSuisO0pmI2iCztrSZlJA==
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=CN = 6xyun.cn

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5065 bytes and written 374 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
GET / HTTP/1.1
HOST:tools.6xyun.cn

HTTP/1.1 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Type: text/html; charset=utf-8,gbk
Date: Sat, 05 Nov 2022 11:12:17 GMT
Server: nginx/1.23.2
Vary: Accept-Encoding
Transfer-Encoding: chunked

ee
<html>
<head><title>Index of /</title></head>
<body>
<h1>Index of /</h1><hr><pre><a href="../">../</a>
<a href="CyberChef/">CyberChef/</a>                                         11-Aug-2022 02:23       -
</pre><hr></body>
</html>

0

要查看某个证书细节, 可以使用以下命令:

1	openssl x509 -text

键入后粘贴证书内容即可, 或使用非交互式命令:

openssl x509 -text << EOF
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
EOF