dump local/remote certificate info
showcert - simple OpenSSL for humans
Showcert tries to follow these principles:
- Simple things must be simple. More complex things may require some options.
- Be simple and cover 9/10 routine certificate-related tasks.
- If showcert is missing some rarely used feature and the user needs to use openssl for it, that's okay.
# You will never forget how to use it:
$ showcert github.com
IP: 140.82.121.3
Names: github.com www.github.com
notBefore: 2022-03-15 00:00:00 (182 days old)
notAfter: 2023-03-15 23:59:59 (183 days left)
Issuer: C=US O=DigiCert Inc CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
# Compare it against openssl:
# two redirections, pipe, two invocations and 5 unneeded options
$ openssl s_client -connect github.com:443 </dev/null 2>/dev/null | openssl x509 -inform pem -text
# View Google SMTP server cert. starttls mode selected automatically. Same for POP3/IMAP and any simple TLS service
$ showcert smtp.google.com:25
# Save full chain of google.com certificates to local PEM file
$ showcert --chain -o pem google.com > google-fullchain.pem
# Warn about any LetsEncrypt cert which will expire in 50 days or less
# :le is just a special token, replaced with /etc/letsencrypt/live/*/fullchain.pem
$ sudo showcert -q :le -w50 || echo panic
/etc/letsencrypt/live/my.example.com/fullchain.pem expires in 47 days
panic
STARTTLS implementation
showcert has built-in support for STARTTLS for SMTP (port 25), POP3 (port 110) and IMAP (port 143). You can select the proper method with the --starttls option (or disable it with --starttls no), but the default value (auto) is OK for most cases. This option is needed only if you test servers on non-standard ports.
Installation
Like any other Python package:
- pip3 install showcert (just install)
- pip3 install -U showcert (upgrade)
- pip3 install -U git+https://github.com/yaroslaff/showcert (install/upgrade from git)
Exit code
showcert returns a non-zero exit code (1) on any error (including an expired certificate or host mismatch).
If -w DAYS is used, a non-zero exit code (2) is returned for valid certificates that will expire in DAYS days or sooner.
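The exit codes above, put to use in an added example (not part of showcert or its README): a POSIX shell wrapper that maps them to the monitoring-plugin convention (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN), so an expiry warning is not confused with a verification error. The function name check_cert and the SHOWCERT override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of showcert): translate showcert exit codes
# into monitoring-plugin status codes.
#   showcert: 0 = valid, 1 = error (expired, host mismatch, ...),
#             2 = valid but expires within -w DAYS
#   plugin:   0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN

# Command to run (assumption: overridable, so the wrapper can be
# exercised with a stub and no network access).
SHOWCERT="${SHOWCERT:-showcert}"

# check_cert TARGET [DAYS]
# TARGET is anything showcert accepts: path, ":le", hostname or hostname:port.
check_cert() {
    target=$1
    days=${2:-20}   # same default the help text gives for -w
    rc=0
    # "|| rc=$?" captures the exit code and keeps the wrapper alive under "set -e".
    $SHOWCERT "$target" -q -w "$days" || rc=$?
    case $rc in
        0) echo "OK: $target valid for more than $days days"
           return 0 ;;
        2) echo "WARNING: $target expires in $days days or sooner"
           return 1 ;;
        1) echo "CRITICAL: $target failed (expired, host mismatch or other error)"
           return 2 ;;
        *) echo "UNKNOWN: showcert exited with unexpected code $rc for $target"
           return 3 ;;
    esac
}

# Run only when arguments are given, e.g.: sh check_cert.sh example.com 30
if [ "$#" -gt 0 ]; then
    check_cert "$@"
fi
```

Note that showcert's 1 and 2 are the reverse of the plugin convention's WARNING and CRITICAL, which is why the codes are remapped rather than passed through.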
Usage
$ bin/showcert -h
usage: showcert [-h] [-i] [--output OUTPUT] [-c] [-w [DAYS]] [-q] [-n NAME] [-t METHOD] [-l TIME]
[--ca CA] [--net]
CERT [CERT ...]
Show local/remote SSL certificate info v0.1.15
positional arguments:
CERT path, - (stdin), ":le" (letsencrypt cert path), hostname or hostname:port
optional arguments:
-h, --help show this help message and exit
-i, --insecure Do not verify remote certificate
--output OUTPUT, -o OUTPUT
output format: brief, full, names, dnames (for certbot), pem, no.
-c, --chain Show chain (not only server certificate)
-w [DAYS], --warn [DAYS]
Warn about expiring certificates (def: 20 days)
Rarely needed options:
-q, --quiet Quiet mode, same as --output no
-n NAME, --name NAME name for SNI (if not same as CERT host)
-t METHOD, --starttls METHOD
starttls method: auto (default, and OK almost always), no, imap, smtp, pop3
-l TIME, --limit TIME
socket timeout (def: 5)
--ca CA path to trusted CA certificates, def: /usr/local/lib/python3.9/dist-packages/certifi/cacert.pem
--net Force network check (if you want to check host and have file/dir with same name in current directory)
Examples:
# just check remote certificate
bin/showcert example.com
# check SMTP server certificate (autodetected: --starttls smtp )
bin/showcert smtp.google.com:25
# save fullchain from google SMTP to local PEM file
bin/showcert --chain -o pem google.com > google-fullchain.pem
# look for expiring letsencrypt certificates
# :le is alias for /etc/letsencrypt/live/*/fullchain.pem
bin/showcert :le -q -w 20 || echo "expiring soon!"
Hashes for showcert-0.1.15-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | f3dd2910cb9845c3673e7f2d5c27f48831b4254d08887af0a455b180db63c387
MD5 | c14d00c2131bc3654c09371563fe5496
BLAKE2b-256 | ae42386378b256bd824e960cbc87edcfc7cd60b048c66a61ff7566239b2c7125