Forum Discussion
- InquisitiveMaiCirrostratus
Thank you for your reply. I figured out using curl -v https://abc.com would show the cert before redirect. It will also display to which site it redirects
InquisitiveMai If you only are concerned with the redirects and SSL certificate you can also do the following so you don't have to bother looking through the page data and instead you will only receive the HTTP header.
curl -Iv "https://abc.com/"
If for some reason you were receiving SSL errors you should be able to run the following to ignore the SSL errors as well as follow any redirects provided.
curl -IvkL "https://abc.com/"
- InquisitiveMaiCirrostratus
Thank you Paulius for your response. But I see the same output for curl -v <URL> and curl -lv <URL>
Is it a differnt Curl Command
- F5-EnthusiastAltocumulus
As long as you use a HTTP Client like a browser you will not have much luck with this.
Solution 1
i use a random linux box for stuff like this.
[root@linux-infra-1 ~]# openssl s_client --connect www.abc.com:443
Result will look like the following where you can read all required information and also create some scripts from it:
Spoiler[root@linux-infra-1 ~]# openssl s_client --connect www.example.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHSjCCBjKgAwIBAgIQDB/LGEUYx+OGZ0EjbWtz8TANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMzAxMTMwMDAwMDBa
Fw0yNDAyMTMyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
cm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxQjBABgNVBAoMOUludGVybmV0wqBD
b3Jwb3JhdGlvbsKgZm9ywqBBc3NpZ25lZMKgTmFtZXPCoGFuZMKgTnVtYmVyczEY
MBYGA1UEAxMPd3d3LmV4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwoB3iVm4RW+6StkR+nutx1fQevu2+t0Fu6KBcbvhfyHSXy7w0nJO
dTT4jWLjStpRkNQBPZwMwHH35i+21gdnJtDe/xfO8IX9McFmyodlBUcqX8CruIzD
v9AXf2OjXPBG+4aq+03XKl5/muATl32++301Vw1dXoGYNeoWQqLTsHT3WS3tOOf+
ehuzNuZ+rj+ephaD3lMBToEArrtC9R91KTTN6YSAOK48NxTA8CfOMFK5itxfIqB5
+E9OSQTidXyqLyoeA+xxTKMqYfxvypEek1oueAhY9u67NCBdmuavxtfyvwp7+o6S
d+NsewxAhmRKFexw13KOYzDhC+9aMJcuJQIDAQABo4ID2DCCA9QwHwYDVR0jBBgw
FoAUt2ui6qiqhIx56rTaD5iyxZV2ufQwHQYDVR0OBBYEFLCTP+gXgv1ssrYXh8vj
gP6CmwGeMIGBBgNVHREEejB4gg93d3cuZXhhbXBsZS5vcmeCC2V4YW1wbGUubmV0
ggtleGFtcGxlLmVkdYILZXhhbXBsZS5jb22CC2V4YW1wbGUub3Jngg93d3cuZXhh
bXBsZS5jb22CD3d3dy5leGFtcGxlLmVkdYIPd3d3LmV4YW1wbGUubmV0MA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY8GA1Ud
HwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS00LmNybDA+BgNV
HSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj
ZXJ0LmNvbS9DUFMwfwYIKwYBBQUHAQEEczBxMCQGCCsGAQUFBzABhhhodHRwOi8v
b2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0dHA6Ly9jYWNlcnRzLmRp
Z2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcnQwCQYD
VR0TBAIwADCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYA7s3QZNXbGs7FXLed
tM0TojKHRny87N7DUUhZRnEftZsAAAGFq0gFIwAABAMARzBFAiEAqt+fK6jFdGA6
tv0EWt9rax0WYBV4re9jgZgq0zi42QUCIEBh1yKpPvgX1BreE0wBUmriOVUhJS77
KgF193fT2877AHcAc9meiRtMlnigIH1HneayxhzQUV5xGSqMa4AQesF3crUAAAGF
q0gFnwAABAMASDBGAiEA12SUFK5rgLqRzvgcr7ZzV4nl+Zt9lloAzRLfPc7vSPAC
IQCXPbwScx1rE+BjFawZlVjLj/1PsM0KQQcsfHDZJUTLwAB2AEiw42vapkc0D+Vq
AvqdMOscUgHLVt0sgdm7v6s52IRzAAABhatIBV4AAAQDAEcwRQIhAN5bhHthoyWM
J3CQB/1iYFEhMgUVkFhHDM/nlE9ThCwhAiAPvPJXyp7a2kzwJX3P7fqH5Xko3rPh
CzRoXYd6W+QkCjANBgkqhkiG9w0BAQsFAAOCAQEAWeRK2KmCuppK8WMMbXYmdbM8
dL7F9z2nkZL4zwYtWBDt87jW/Gz/E5YyzU/phySFC3SiwvYP9afYfXaKrunJWCtu
AG+5zSTuxELFTBaFnTRhOSO/xo6VyYSpsuVBD0R415W5z9l0v1hP5xb/fEAwxGxO
Ik3Lg2c6k78rxcWcGvJDoSU7hPb3U26oha7eFHSRMAYN8gfUxAi6Q2TF4j/arMVB
r6Q36EJ2dPcTu0p9NlmBm8dE34lzuTNC6GDCTWFdEloQ9u//M4kUUOjWn8a5XCs1
263t3Ta2JfKViqxpP5r+GvgVKG3qGFrC0mIYr0B4tfpeCY9T+cz4I6GDMSP0xg==
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.orgissuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3775 bytes and written 739 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 9B5312A1899D43C5C0AB7CE61FD4ED35B5CB1998F5B47574A67C5F77F81DC9F2
Session-ID-ctx:
Resumption PSK: 53DDA0BB9D68DCD6A4CE672AA9C7D939905E2E70FADF7E4D0B09147FC22E74DD0B2847D5F73F198473213313AC9CF331
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ae ae cd 93 34 63 ef 30-6f d3 a9 06 f0 0f b7 e5 ....4c.0o.......
0010 - 19 ac 2d 01 fe 5f 72 11-90 a7 e0 a8 e1 3f 03 8a ..-.._r......?..
0020 - 32 21 24 fa 05 05 9a 9a-b4 f5 be f0 c0 72 f8 5a 2!$..........r.Z
0030 - 64 f3 e2 59 f5 08 9e be-24 3d ad fa 92 db cd 26 d..Y....$=.....&
0040 - 9b c2 ed 53 4f 10 4b b3-10 41 30 6a 8a 73 3d 04 ...SO.K..A0j.s=.
0050 - 0a c5 8a f0 30 a6 bc 6b-f2 07 6c db 8f 12 e3 b9 ....0..k..l.....
0060 - 1c e7 cb 0d 4d bc 67 1b-71 a7 d7 d4 fc d1 18 b7 ....M.g.q.......
0070 - 24 8a 60 e0 84 26 7f 02-8c 00 d1 89 49 45 eb c9 $.`..&......IE..
0080 - 8e 35 e6 7b bc 11 36 f8-3a 6f 4e 45 7b f0 ae e3 .5.{..6.:oNE{...
0090 - ff 64 60 b7 ca b1 95 c9-d1 b5 10 78 e0 95 9b 6a .d`........x...j
00a0 - e2 81 c5 a1 d9 0d f2 c5-3f 41 3c 04 fb f6 38 ad ........?A<...8.
00b0 - 04 a6 7f 1f 20 94 36 9a-66 13 38 e0 4c aa b6 bc .... .6.f.8.L...
00c0 - de 87 67 4b 1d 62 af 15-02 ca 43 50 6e 09 6c 83 ..gK.b....CPn.l.Start Time: 1680154286
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 99120389A2C663A2969C4CDE99B1C116A27A282A2D845924FE7B602403B1A2BD
Session-ID-ctx:
Resumption PSK: EDF2D8B8843DB94E7150193748EDC143533CEB3BA4AB171876EA6C7B58398938F53D25B817A8275E3A3DB2C3362EFD06
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ae ae cd 93 34 63 ef 30-6f d3 a9 06 f0 0f b7 e5 ....4c.0o.......
0010 - 5f ba f7 2b 5c 72 28 c7-36 e5 8a fd 4c fe 9a f6 _..+\r(.6...L...
0020 - 6d ad bd ec be 7c 36 ba-25 32 56 7c 04 40 70 c2 m....|6.%2V|.@p.
0030 - 05 15 72 e2 99 97 38 e5-37 a3 60 e1 59 2e 18 68 ..r...8.7.`.Y..h
0040 - bf dd f7 96 d0 6d ad 9f-67 3f c8 7a 23 03 1b 12 .....m..g?.z#...
0050 - aa 22 59 07 cc 87 bf de-85 80 54 c0 fa 2d c3 1f ."Y.......T..-..
0060 - 9f 3e 76 fd e9 ac 6c 11-92 d7 99 94 5a 8a 85 43 .>v...l.....Z..C
0070 - b1 b7 87 2a 86 29 71 1d-15 59 74 3a f2 71 77 a8 ...*.)q..Yt:.qw.
0080 - 19 64 11 7c fb cf 04 9c-0c 38 9a 51 64 a0 be ad .d.|.....8.Qd...
0090 - 81 1f 04 62 19 af 4d a1-ff 12 34 62 46 6b 84 24 ...b..M...4bFk.$
00a0 - 56 85 f0 8b b9 b6 d0 05-af e9 8c 65 ee 84 69 d0 V..........e..i.
00b0 - c9 1c d3 ce d8 3d f1 05-93 d2 d9 75 71 d7 8e f9 .....=.....uq...Start Time: 1680154286
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0Solution 2
Use an online tool like "SSL Certificate Checker - Diagnostic Tool | DigiCert.com"