Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/genkiroid/cert

Cert is the Go tool to get TLS certificate information.
https://github.com/genkiroid/cert

certificate cli go ssl ssl-certificate tls

Last synced: 3 months ago
JSON representation

Cert is the Go tool to get TLS certificate information.

Host: GitHub
URL: https://github.com/genkiroid/cert
Owner: genkiroid
License: mit
Created: 2017-08-20T09:10:57.000Z (about 7 years ago)
Default Branch: main
Last Pushed: 2023-04-22T00:17:38.000Z (over 1 year ago)
Last Synced: 2024-07-27T06:34:03.789Z (3 months ago)
Topics: certificate, cli, go, ssl, ssl-certificate, tls
Language: Go
Homepage:
Size: 72.3 KB
Stars: 243
Watchers: 7
Forks: 37
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - genkiroid/cert - Cert is the Go tool to get TLS certificate information. (Go)

README

        # cert

[![build](https://github.com/genkiroid/cert/actions/workflows/ci.yml/badge.svg)](https://github.com/genkiroid/cert/actions/workflows/ci.yml)

Get server's certificate information.

## Installation

For Mac it provide Homebrew integration.

Please install like following.

```sh

$ brew tap genkiroid/homebrew-cert

$ brew install cert

```

For other platforms, Precompiled binaries for released versions are available in the [releases](https://github.com/genkiroid/cert/releases) page.

Or `go install`.

```sh

$ go install github.com/genkiroid/cert/cmd/cert@latest

```

## Usage

Give domain names as arguments.

```sh

$ cert github.com google.co.jp

DomainName: github.com

IP:         192.30.255.113

Port:       443

Issuer:     DigiCert SHA2 Extended Validation Server CA

NotBefore:  2016-03-10 09:00:00 +0900 JST

NotAfter:   2018-05-17 21:00:00 +0900 JST

CommonName: github.com

SANs:       [github.com www.github.com]

Error:

DomainName: google.co.jp

IP:         216.58.196.227

Port:       443

Issuer:     Google Internet Authority G3

NotBefore:  2017-10-17 19:59:51 +0900 JST

NotAfter:   2018-01-09 19:00:00 +0900 JST

CommonName: *.google.co.jp

SANs:       [*.google.co.jp google.co.jp]

Error:

```

You can specify port number.

So you can get server certificate information of not only web server but also *mail server and others*.

```sh

$ cert github.com google.co.jp:443 imap.gmail.com:993

DomainName: github.com

IP:         192.30.255.113

Port:       443

Issuer:     DigiCert SHA2 Extended Validation Server CA

NotBefore:  2016-03-10 09:00:00 +0900 JST

NotAfter:   2018-05-17 21:00:00 +0900 JST

CommonName: github.com

SANs:       [github.com www.github.com]

Error:

DomainName: google.co.jp

IP:         172.217.27.163

Port:       443

Issuer:     Google Internet Authority G3

NotBefore:  2017-10-17 19:59:51 +0900 JST

NotAfter:   2018-01-09 19:00:00 +0900 JST

CommonName: *.google.co.jp

SANs:       [*.google.co.jp google.co.jp]

Error:

DomainName: imap.gmail.com

IP:         64.233.188.108

Port:       993

Issuer:     Google Internet Authority G2

NotBefore:  2017-10-17 19:10:29 +0900 JST

NotAfter:   2017-12-29 09:00:00 +0900 JST

CommonName: imap.gmail.com

SANs:       [imap.gmail.com]

Error:

```

## Options

```sh

$ cert --help

Usage of cert:

  -c string

        Specify cipher suite. Refer to https://golang.org/pkg/crypto/tls/#pkg-constants for supported cipher suites.

  -cipher string

        Specify cipher suite. Refer to https://golang.org/pkg/crypto/tls/#pkg-constants for supported cipher suites.

  -f string

        Output format. md: as markdown, json: as JSON.  (default "simple table")

  -format string

        Output format. md: as markdown, json: as JSON.  (default "simple table")

  -k    Skip verification of server's certificate chain and host name.

  -s int

        Timeout seconds. (default 3)

  -skip-verify

        Skip verification of server's certificate chain and host name.

  -t string

        Output format as Go template string or Go template file path.

  -template string

        Output format as Go template string or Go template file path.

  -timeout int

        Timeout seconds. (default 3)

  -u    Use UTC to represent NotBefore and NotAfter.

  -utc

        Use UTC to represent NotBefore and NotAfter.

  -v    Show version.

  -version

        Show version.

```

### Output as JSON

Use `cert -f json`.

```sh

$ cert -f json github.com | jq .

[

  {

    "DomainName": "github.com",

    "IP": "192.30.255.112",

    "Port": "443",

    "Issuer": "DigiCert SHA2 Extended Validation Server CA",

    "CommonName": "github.com",

    "SANs": [

      "github.com",

      "www.github.com"

    ],

    "NotBefore": "2016-03-10 09:00:00 +0900 JST",

    "NotAfter": "2018-05-17 21:00:00 +0900 JST",

    "Error": ""

  }

]

```

### Output as Markdown

Use `cert -f md`.

```sh

$ cert -f md github.com

DomainName | IP | Port | Issuer | NotBefore | NotAfter | CN | SANs | Error

--- | --- | --- | --- | --- | --- | --- | --- | ---

github.com | 192.30.255.113 | 443 | DigiCert SHA2 Extended Validation Server CA | 2016-03-10 09:00:00 +0900 JST | 2018-05-17 21:00:00 +0900 JST | github.com | github.com
www.github.com
 |

```

DomainName | IP | Port | Issuer | NotBefore | NotAfter | CN | SANs | Error

--- | --- | --- | --- | --- | --- | --- | --- | ---

github.com | 192.30.255.113 | 443 | DigiCert SHA2 Extended Validation Server CA | 2016-03-10 09:00:00 +0900 JST | 2018-05-17 21:00:00 +0900 JST | github.com | github.com
www.github.com
 |

### Specify output format by Go template

Use `cert -t`.

By direct string.

```sh

$ cert -t "{{range .}}{{.Issuer}}{{end}}" github.com

DigiCert SHA2 Extended Validation Server CA

```

By template file.

```sh

$ cat /tmp/cert_templ

{{range .}}{{range .CertChain}}Issuer: {{.Issuer.CommonName}}

{{end}}{{end}}

$

$ cert -t /tmp/cert_templ github.com

Issuer: DigiCert SHA2 Extended Validation Server CA

Issuer: DigiCert High Assurance EV Root CA

```

### Specify cipher suite

see https://github.com/genkiroid/cert/issues/13

You can specify cipher suite.

As a result, you can get the information of each certificate.

Note that the issuers are different in the following example.

```sh

# Get information of the certificate using RSA signature/public key algorithm.

$ cert -cipher TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 cloudflaressl.com

DomainName: cloudflaressl.com

IP:         104.20.47.142

Port:       443

Issuer:     COMODO RSA Domain Validation Secure Server CA 2

NotBefore:  2019-08-23 09:00:00 +0900 JST

NotAfter:   2020-03-01 08:59:59 +0900 JST

CommonName: ssl509631.cloudflaressl.com

SANs:       [ssl509631.cloudflaressl.com *.cloudflaressl.com cloudflaressl.com]

Error:

# Get information of the certificate using ECDSA signature/public key algorithm.

$ cert -cipher TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 cloudflaressl.com

DomainName: cloudflaressl.com

IP:         104.20.48.142

Port:       443

Issuer:     COMODO ECC Domain Validation Secure Server CA 2

NotBefore:  2019-08-23 09:00:00 +0900 JST

NotAfter:   2020-03-01 08:59:59 +0900 JST

CommonName: ssl509632.cloudflaressl.com

SANs:       [ssl509632.cloudflaressl.com *.cloudflaressl.com cloudflaressl.com]

Error:

```

**If you specify a cipher suite, the maximum TLS version used is limited to TLS1.2. This is because if the server supports TLS1.3, the specified cipher suite is ignored and communication is performed using TLS1.3. This eliminates the meaning of specifying a cipher suite and confuses us. This specification will change when the cipher suite for Tls1.3 becomes configurable in Go.**

## License

[MIT](https://github.com/genkiroid/cert/blob/main/LICENSE)

## Author

[genkiroid](https://github.com/genkiroid)