how to dump the ssl certificate for a server

> Dave,
> Is there a unix command to get the CERT of a domain name?
> I need to check to see if the cert is installed correctly on one of our domains.

echo | openssl s_client -showcert -connect grox.net:443

replace grox.net:443 with host:port that you want to check i.e.,
www.example.com:443

the initial 'echo |' is just to end the connection. s_client is a
client, so it's waiting for intput to talk to the server.

there are other switches available. list 'em with:
openssl s_client -h

or, you can dump the certs and use "openssl x509" to examine 'em:

echo | openssl s_client -showcert -connect grox.net:443 |
  sed -n '/BEGIN CERT/,/END CERT/p' |
  openssl x509 -noout -text

again, openssl x509 has a ton of switches so you can extract various
parts of the cert instead of dumping the whole thing. to list 'em, do
openssl x509 -h

hth,
...dave