There are a number of different ways to obtain information about an SSL certificate from the command line. Two common options are:
To use the OpenSSL client to obtain certificate details, run the following command in a terminal session:
openssl s_client -showcerts -connect duckduckgo.com:443
This should output a lengthy description, including the certificate chain, certificate, and more.
Nmap (“Network Mapper”) can also be used to obtain SSL certificate information. Enter the following:
nmap -p 443 --script ssl-cert duckduckgo.com
This runs a scan returning the state of this port, and outputs details about the certificate including its issuer, type, and expiration date.
Nmap scan report for duckduckgo.com (188.8.131.52) Host is up (0.020s latency). PORT STATE SERVICE 443/tcp open https | ssl-cert: Subject: commonName=*.duckduckgo.com/organizationName=Duck Duck Go, Inc./stateOrProvinceName=Pennsylvania/countryName=US | Subject Alternative Name: DNS:*.duckduckgo.com, DNS:duckduckgo.com | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US | Public Key type: rsa | Public Key bits: 2048 | Signature Algorithm: sha256WithRSAEncryption | Not valid before: 2019-08-09T00:00:00 | Not valid after: 2020-10-30T12:00:00 | MD5: a0be 987e a6bc 8a3a 6672 4109 50a9 19f5 |_SHA-1: 35c8 7b6a e65e 22fb 4d71 cae1 efed 4db4 6346 80d6
These tools do more–especially Nmap–so it is worth experimenting with different commands and options.
Nmap has a lengthy man page (
man nmap), and here is online documentation for both tools: