/chkcerts

A Go program to display certificate chains simply and quickly with an easy to remember syntax

Primary LanguageGoApache License 2.0Apache-2.0

GitHub
GitHub all releases GitHub repo size GitHub contributors

Twitter Follow

chkcerts

A Go program to display certificate chains and validate their order in the same vein as ssl-tester but more flexible.

Usage

chkcerts https://chrisshort.net

chkcerts https://chrisshort.net 90

Example Output (no days)

Subject: *.chrisshort.net
Issuer: R3
Valid from: 2023-04-25 02:30:44 +0000 UTC
Valid until: 2023-07-24 02:30:43 +0000 UTC
Serial number: 403588798235445259445834570997555816122123
DNS Names: [*.chrisshort.net chrisshort.net]
IP Addresses: []
Signature algorithm: SHA256-RSA
-----
Subject: R3
Issuer: ISRG Root X1
Valid from: 2020-09-04 00:00:00 +0000 UTC
Valid until: 2025-09-15 16:00:00 +0000 UTC
Serial number: 192961496339968674994309121183282847578
DNS Names: []
IP Addresses: []
Signature algorithm: SHA256-RSA
-----
Subject: ISRG Root X1
Issuer: DST Root CA X3
Valid from: 2021-01-20 19:14:03 +0000 UTC
Valid until: 2024-09-30 18:14:03 +0000 UTC
Serial number: 85078200265644417569109389142156118711
DNS Names: []
IP Addresses: []
Signature algorithm: SHA256-RSA
-----
Certificate chain is valid and in the correct order.

Example Output with Days

Subject: *.chrisshort.net
Issuer: R3
Valid from: 2023-04-25 02:30:44 +0000 UTC
Valid until: 2023-07-24 02:30:43 +0000 UTC (66 days left)
Serial number: 403588798235445259445834570997555816122123
DNS Names: [*.chrisshort.net chrisshort.net]
IP Addresses: []
Signature algorithm: SHA256-RSA
-----
Subject: R3
Issuer: ISRG Root X1
Valid from: 2020-09-04 00:00:00 +0000 UTC
Valid until: 2025-09-15 16:00:00 +0000 UTC
Serial number: 192961496339968674994309121183282847578
DNS Names: []
IP Addresses: []
Signature algorithm: SHA256-RSA
-----
Subject: ISRG Root X1
Issuer: DST Root CA X3
Valid from: 2021-01-20 19:14:03 +0000 UTC
Valid until: 2024-09-30 18:14:03 +0000 UTC
Serial number: 85078200265644417569109389142156118711
DNS Names: []
IP Addresses: []
Signature algorithm: SHA256-RSA
-----
Certificate chain is valid and in the correct order.

About

There's a general lack of understanding of how TLS works, the certificate chains used, or cryptography in general. Creating command line tools to help show folks how things work can't hurt, right?