I’m a fixer of broken things

1 minute read

Download Certificate

Here’s a handy command to download a SSL/TLS certificate via command line using openssl. I use this a lot, but for whatever reason, can’t never seem to memorize the exact syntax.

openssl s_client -connect <host>:<port> < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > the_certificate.cer

Note that we only need the host name without specifying the protocol (https).

The typical port for https is 443, but YMMV if you’re running your webservice on a different port (i.e. 8443 for JBoss).

Convert Certificate

If you need to convert a certificate from binary (der) to base64, use this command.

openssl x509 -in binaryCert.certx -inform der -text -out mycert.pem

The file extension doesn’t actually have to match the encoding of the file since users can name it whatever they want. What’s important is knowing the -inform of the file. The der format is a binary representation of the certificate. The pem format is a base64-encoded ASCII file.

The -text flag just gives us some verbosity when running the command, and is optional.

Tags:

Updated:

You May Also Enjoy

OpenShift Dev Spaces

3 minute read

Configuring OAuth with OpenShift Dev Spaces and GitLab

Image Import Sync

less than 1 minute read

Background If you’re deploying images from an external registry into OpenShift, and you created ImageStreams/Tags that mirror your external registry, you’ll ...