Skip to Content

Check SSL certificate from Remote Server with Openssl s_client

An SSL/TLS certificate is a file installed on a website’s origin server. It’s simply a data file containing the public key and the identity of the website owner, along with other information. Without a server certificate, a website’s traffic can’t be encrypted with TLS.

SSL/TLS certificates are the most popular type of X.509 certificate. SSL/TLS certificates are issued to hostnames (machine names like ‘ABC-SERVER-02’ or domain names like

In this post, we will get the SSL/TLS server certificate from the server or website with OpenSSL command.

Get SSL server certificate from Remote Server

We can get an interactive SSL connection to our server, using the openssl s_client command:

This keeps the interactive session open until we type Q (quit) and press , or until EOF is encountered.

We can use the -showcerts option to get the complete certificate chain:

openssl s_client -showcerts -connect

Certificate chain
0 s:/CN=*
i:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
1 s:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
i:/C=US/O=Google Trust Services LLC/CN=GTS Root R1

We can also use the following command to save all the certificates to a file.

openssl s_client -showcerts -connect certifs.pem

Check SSL server certificate from Server with SNI

If the remote server is using SNI (that is, sharing multiple SSL hosts on a single IP address) we will need to send the correct servername in the OpenSSL command in order to get the right certificate.

For example, shares multiple SSL hosts with other domains. So in order to get the certificate for our website, we need to use the following command.

openssl s_client -showcerts -servername -connect certifs.pem