SSL certificates, SAML certificates, Signing certificates the number is long of different kinds of certificates and you might need to check the name of a certificate, the start or end date or perhaps the thumbprint.
I use the tool mainly to get end dates of certificates sent to me from customers because I hate when they expire and need to be changed without any preparation. And the worst kind that most administrators often miss is the certificates that is auto created i.e. in ADFS servers, Azure Enterprise apps, Okta
With Certinfo it super simple to check a certificate CertInfo.exe -file <path to file> -enddate will print the end date and time on the console. Or you can do CertInfo.exe -cert <Base64 of cert> -subject and you will get the subject of the cert.
In version 2 I’ve also added -url as a parameter to get the certificate directly of the webserver.
Version 3 this version have a new parameter called -urlfile it takes an text file with webserver adresses or ip adresses separated with newline and will return the info from all of them.
Version 4 has a parameter to get the info saved in a csv format. also the property -urlinfo to print out the url send in to the command. also the parameter -urlfilestring this enabled you to add a semicolon after the url in a text file and print out this for each line, good when you do a csv printout.
And finally a fix is applied to prevent redirect this is to get the cert from the server that is requested even if it redirects the request.
Windows
certutil.exe with many options.
Linux
Mainly OpenSSL — Yes very powerful, put also very cryptic.
Most admins have their cook books finding the right OpenSSL command line options.
I blogged a couple of times about OpenSSL.
Java
The Java tool is specially interesting.
The tool comes with every Domino JVM and has two interesting options:
This shows all the infos directly from a server:
keytool -printcert -sslserver blog.nashcom.de
This dump the cert info
keytool -printcert -rfc -sslserver blog.nashcom.de
Check the command-line help for more options (too many for this blog comment).
Even cooler Domino CertMgr can import certs directly into TLS Credentials docs.
And trusted roots into trusted root documents.
And you can also import trusted roots directly from web servers as well with Domino 12.0.2.
There are a lot of options in Domino.
All the import options allow automatical filtering and sorting for certificate chains.
And auto completion with certificates in your trusted roots in cerstore.nsf.
Yes, there is so many options out there and Domino 12.02 is a big release in many aspects.
Thanks for sharing
somehow the beginning of my test is cut off. I had some test before the info about the different tools I wrote some other text. hmmm…
was it too long?