If you want to see the certificate that a remote server is presenting over SSL/TLS (e.g. HTTPS, LDAPS, etc.), the following unix* command will show you what that server sends:
openssl s_client -connect <host>:<port> </dev/null |openssl x509 -noout -text
Notice that there are two commands combined with a pipe ‘|’. The first uses the s_client subcommand of openssl to open the connection and capture what the server returns, including the certificate it presents. That output is passed via the pipe to the x509 subcommand of openssl, which parses the certificate into a readable format. Note that x509 parses only the first certificate in its input, which is the server’s own (leaf) certificate; if you also want the intermediates the server sends, add -showcerts to the s_client command. At the end of the first command there is also a </dev/null. After the handshake, s_client reads from standard input and sends whatever it gets to the server, so without it the command appears to hang, waiting on your terminal while it keeps the session open. Redirecting standard input from /dev/null gives s_client an immediate end-of-file, so it closes the session and the pipeline completes.
SNI
If the server hosts several certificates on the same address and port and picks one based on Server Name Indication (SNI), you may need to add the -servername option. The SNI_hostname is the name of the certificate you are looking for, and it does not need to match the host value; host is only used to reach the server and can be a resolvable host name or just an IP address. Since OpenSSL 1.1.1, s_client sends the -connect host name as the SNI name by default, so -servername matters mainly when you connect by IP address or want a different name than the one you connect to:
openssl s_client -servername <SNI_hostname> -connect <host>:<port> </dev/null |openssl x509 -noout -text
Limiting Output
If you want to limit the output, you can select exactly which fields x509 prints instead of using -text. I am generally looking for the subject and the validity dates and don’t need the public key and signature dumps, so I use the following:
openssl s_client -connect <host>:<port> </dev/null |openssl x509 -noout -subject -dates
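The following script is an added example, not part of the original post. It wraps the s_client | x509 idiom from above into reusable shell functions (SNI name, the </dev/null trick and field selection included) and then demonstrates the parsing half offline on a throwaway self-signed certificate that the script generates itself, so the demonstration needs no network access. The function and file names, the -checkend expiry check and the test.example subject are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: reusable wrappers around
# `openssl s_client | openssl x509`, demonstrated on a locally generated
# self-signed certificate so the script runs without network access.
set -u

# Print the leaf certificate the server presents, in PEM form.
# Usage: fetch_leaf_cert <host> <port> [sni_hostname]
# </dev/null gives s_client end-of-file on stdin so the session ends instead
# of hanging; -servername sets the SNI name (defaults to <host> when omitted).
# stderr is dropped so only the certificate travels down the pipe.
fetch_leaf_cert() {
    local host=$1 port=$2 sni=${3:-$1}
    openssl s_client -servername "$sni" -connect "$host:$port" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM
}

# Print the whole chain the server sends (leaf first), as concatenated PEM blocks.
# `openssl x509` would parse only the first block, so the chain is kept as text.
fetch_chain() {
    local host=$1 port=$2 sni=${3:-$1}
    openssl s_client -showcerts -servername "$sni" -connect "$host:$port" </dev/null 2>/dev/null \
        | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/'
}

# Print subject, issuer and validity window of the PEM certificate on stdin,
# i.e. the "limited output" form from the post plus the issuer.
describe_cert() {
    openssl x509 -noout -subject -issuer -dates
}

# Exit 0 if the PEM certificate on stdin is still valid <seconds> from now,
# 1 if it will have expired by then (uses `openssl x509 -checkend`).
# Usage: valid_for_seconds <seconds> < cert.pem
valid_for_seconds() {
    openssl x509 -noout -checkend "$1" >/dev/null
}

# Constructed test data: a self-signed certificate for test.example valid 30 days,
# written to <dir>/cert.pem (and its key to <dir>/key.pem).
make_test_cert() {
    local dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj '/CN=test.example' \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# Stand-alone demonstration on the constructed certificate.
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir"
describe_cert < "$demo_dir/cert.pem"
if valid_for_seconds $((7 * 86400)) < "$demo_dir/cert.pem"; then
    echo "certificate is still valid one week from now"
else
    echo "certificate expires within a week"
fi
rm -rf "$demo_dir"
# Against a live server you would instead run, for example:
#   fetch_leaf_cert www.example.org 443 | describe_cert
#   fetch_leaf_cert 192.0.2.10 443 www.example.org | valid_for_seconds $((30 * 86400))
```

The -checkend form is handy in monitoring jobs because it returns an exit status rather than a date you have to parse, and the exact text layout of -subject and -dates differs between OpenSSL versions, so anything scripted should key off exit codes or a grep rather than exact strings.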
*The ‘openssl’ command is installed by default on most Unix-like platforms. If you are running Windows, you will probably need to download it before you can run these commands. I believe openssl is worth having if you are supporting certificates, but always use care and diligence before downloading and installing anything on your computer, and if you are at work, make sure you have explicit permission first.