# Fetch a remote TLS certificate:
function tlscertget {
local domain="${1}"
shift
openssl s_client \
-connect "${domain}" \
-servername "${domain}" \
"$@" < /dev/null 2> /dev/null |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}
# Show (in text form) a certificate passed through stdin; display
# full details (-text) if invoked without any argument. See man x509 for
# possible options.
function tlscertshow {
if [ $# -eq 0 ]; then
openssl x509 -noout -text
else
openssl x509 -noout "$@"
fi
}
# Fetch a remote TLS certificate and display its subject, issuer and dates.
function tlscertcheck {
local domain="${1}"
shift
tlscertget "${domain}" | tlscertshow -subject -issuer -dates "$@"
}