DEV Community

Yaroslav Polyakov
Yaroslav Polyakov

Posted on


showcert: human-friendly openssl

showcert is easy to use CLI tool with to show/verify local (.pem) and remote SSL certificates.

showcert does only (1%) most often-used (99%) functions of openssl, but simple and easy to use.

Install: pip3 install showcert


$ showcert
notBefore: 2022-03-15 00:00:00 (182 days old)
notAfter: 2023-03-15 23:59:59 (183 days left)
Issuer: C=US O=DigiCert Inc CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
Enter fullscreen mode Exit fullscreen mode


# show certificate from local file, or from stdin if path is -
showcert /etc/ssl/certs/ssl-cert-snakeoil.pem

# check all *.pem files in current directory, and warn if any expires soon. Add `-q` for quiet mode
showcert *.pem -w

# show certificate for gmail POP3 over SSL

# show cert for yandex POP3. Yes, it will do STARTTLS automatically)

# connect to localhost, but ask to show cert for (SNI)
# -i = insecure, ignore verification error
showcert -i -n localhost 

# 'steal' remote server fullchain.pem (without privkey, obviously)
showcert --chain -o pem > fullchain.pem

# LetsEncrypt specific features:

# Warn if expire in less then 10 days. Non-zero exit if at least one certificate is expiring.
# same as `showcert -w 10 /etc/letsencrypt/live/*/fullchain.pem

showcert -w 10 :le

# list all names from certificate (as -o names), but each name prepended with -d. 
# e.g. `-d -d`
showcert -o dnames

# Useful to use with certbot to generate new certificate from existing cert or site. E.g.:
certbot certonly --webroot /var/www/PATH `showcert -o dnames`
Enter fullscreen mode Exit fullscreen mode

Seem more on GitHub repo:

Top comments (0)

Dark Mode

🌚 Friends don't let friends browse without dark mode.

Good news! You can update to dark mode in your DEV settings.