FreeKB - 0 View SSL certificate using CURL on Linux
View SSL certificate using CURL on Linux

When a server is configured to use SSL/TLS so that packets exchanged between the client and server are encrypted, the client will need to obtain the certificate from the server. For example, the following diagram illustrates how a client would obtain the certificate from an HTTPS web server.


The CURL command can be used to identify the certificate that the server presents to the client.

curl --verbose


If a certificate is being presented, basic information about the certificate should be displayed.

* Server certificate:
*        subject:,OU=foo,O=bar
*        start date:  Jan 01 2019
*        expire date: Jan 01 2021
*        common name:
*        issuer:      CN=VeriSign Certification Authority


NSS error -12286

If you get NSS error 12286 when attempting to connect to a site, try updating curl and nss.

yum update curl
yum update nss


Target URL

You only need to use the hostname of the web server, such as or or In other words, there is no need to use a sub directory, such as, since the certificate would be provided by just

curl --verbose


grep the output

Curl writes output to stderr, not stdout, you'll need to use 2>&1 if you want to pipe the output to grep.

curl --verbose 2>&1 | grep expire

*        expire date: Jan 01 2021


define timeout to prevent hangs

Issues can cause cURL to hang sometimes. To prevent cURL from hanging for to long, you can use the -m or ---max-time option followed by the number of seconds that cURL should hold tight before closing the connection to the remove server. In this second, cURL will timeout after 10 seconds.

curl --max-time 10


--insecure (certificate authority not recognized)

If the -k or --insecure option are not used, cURL will only get certificates that have been issued by a trusted certificate authority (CA). If you want to get certificates from both a trusted and untrusted certificate authority, use the -k or --insecure option.

curl --verbose --insecure


Certificate chain

Let's say there is a certificate chain, like this. cURL will only get the server certificate. If you need to determine each certificate used in the certificate chain, you are much better off using openSSL.

  - (root certificate)
  -- (intermediate certificate)
  --- * (server certificate)


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter a33d4 in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |