There are a number of different ways to obtain information about an SSL certificate from the command line. Two common options are:

OpenSSL client

To use the OpenSSL client to obtain certificate details, run the following command in a terminal session:

openssl s_client -showcerts -connect

This should output a lengthy description, including the certificate chain, certificate, and more.


Nmap (“Network Mapper”) can also be used to obtain SSL certificate information. Enter the following:

nmap -p 443 --script ssl-cert

This runs a scan returning the state of this port, and outputs details about the certificate including its issuer, type, and expiration date.

Nmap scan report for (
Host is up (0.020s latency).

443/tcp open  https
| ssl-cert: Subject: commonName=* Duck Go, Inc./stateOrProvinceName=Pennsylvania/countryName=US
| Subject Alternative Name: DNS:*,
| Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-08-09T00:00:00
| Not valid after:  2020-10-30T12:00:00
| MD5:   a0be 987e a6bc 8a3a 6672 4109 50a9 19f5
|_SHA-1: 35c8 7b6a e65e 22fb 4d71 cae1 efed 4db4 6346 80d6

These tools do more–especially Nmap–so it is worth experimenting with different commands and options.

Nmap has a lengthy man page (man nmap), and here is online documentation for both tools: