Verify TLS certificate via CLI
TLS is everywhere these days (thankfully!), and while browsers do a pretty good job of letting you know when a cert is no good, sometimes you need to do it from the terminal.
openssl s_client -connect $HOST:$PORTFor example, for google.com we see
This lets use see that the cert is valid, but what if we want to check the issuance and expiry dates? Easy.
openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -dates
If you want to connect to an IPv6 host (by IP, rather than hostname), enclose the IP address in square brackets, as follows:
openssl s_client -servername google.com -connect [2607:f8b0:4005:801::200e]:443
