Skip to main content

dump local/remote certificate info

Project description

showcert

Simple CLI tool with clean output to show/verify local (.pem) and remote SSL certificates. (For those, who can do this with openssl, but often have to search for right syntax or hate to write grep every time)

$ showcert github.com
Names: github.com www.github.com
notBefore: 2022-03-15 00:00:00 (108 days old)
notAfter: 2023-03-15 23:59:59 (257 days left)
Issuer: C=US O=DigiCert Inc CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1

Also:

  • showcert /etc/ssl/certs/ssl-cert-snakeoil.pem (show certificate from local file)
  • showcert imap.gmail.com:995 (show certificate for gmail IMAP)
  • showcert pop.yandex.ru:110 (show cert for yandex POP3, yes, it will do STARTTLS automatically)
  • showcert -i -n google.com localhost (show certificate for google.com on my local server, even if it's not valid)
  • showcert *.pem -q -w - quietly check all *.pem files in current directory, and warn if any expires soon
  • showcert :le - same as showcert /etc/letsencrypt/live/*/cert.pem

STARTTLS implementation

showcert has built-in support for STARTTLS for SMTP (port 25), POP3 (port 110) and IMAP (port 143). You can select proper method with --starttls option (or disable it with --starttls no), but default value ('auto') is OK for most cases. This option is needed only if you test servers on non-standard ports.

Limitations

showcert shows only first certificate from PEM file (if there are many)

Installation

pip3 install showcert

Exit code

showcert will return non-zero exit code in case of any error (including expired certificate or host mismatch). If -w DAYS used, non-zero will be returned for valid certificates, which will expire in DAYS days or sooner.

Usage

usage: showcert [-h] [-n NAME] [-i] [-q] [-w [DAYS]] CERT

Show local/remote SSL certificate info v0.0.8

positional arguments:
  CERT                  /path/cert.pem or google.com or google.com:443

optional arguments:
  -h, --help            show this help message and exit
  -n NAME, --name NAME  name for SNI (if not same as CERT host)
  -i, --insecure        Do not verify remote certificate
  -q, --quiet           Print only warning/problems
  -w [DAYS], --warn [DAYS]
                        Warn about expiring certificates (def: 20 days)

Examples:  
  # just check remote certificate
  /usr/local/bin/showcert example.com

  # check cert for example.com on new.example.com, do not verify
  /usr/local/bin/showcert new.example.com -n example.com -i

  # dump info from local certificate file
  /usr/local/bin/showcert /etc/letsencrypt/live/example.com/fullchain.pem

  # verify cert quietly and print to stderr only if it will expire in one week
  /usr/local/bin/showcert -q -w 7 github.com

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

showcert-0.0.14-py3-none-any.whl (6.2 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page