Securing data exchanged over the internet is essential, and SSL/TLS certificates play a key role by encrypting communication between users and servers. Sometimes, you may want to download an SSL certificate from a website for local verification, perhaps to ensure the site’s authenticity or to troubleshoot secure connections. In this guide, we’ll walk through easy ways to download and verify SSL certificates from any website.
TL;DR
To download an SSL certificate for local verification, use openssl
in the terminal with openssl s_client -showcerts -connect example.com:443 </dev/null | openssl x509 -outform PEM > example_com_cert.pem
or save it directly from the browser by viewing the certificate details.
openssl s_client -showcerts -connect example.com:443 </dev/null | openssl x509 -outform PEM > example_com.pem
Table of contents
Why Download SSL Certificates?
Downloading a website’s SSL certificate can help you:
- Verify Authenticity: Confirm that the certificate is valid, properly issued, and correctly configured.
- Troubleshoot Issues: Resolve problems with secure connections by examining certificate details.
- Compliance Auditing: Check if a site’s SSL certificate meets your organization’s security standards.
Method 1: Downloading SSL Certificates via OpenSSL (Command Line)
This method works on Linux, macOS, and Windows (if you have OpenSSL installed). The openssl
tool can connect to the website, retrieve the certificate, and save it in .pem
format for easy verification.
Steps:
1. Open your terminal (Command Prompt or PowerShell for Windows).
2. Use the following command to connect to the site and save its certificate locally. Replace example.com
with the target domain:
openssl s_client -showcerts -connect example.com:443 </dev/null | openssl x509 -outform PEM > example_com.pem
3. This command does the following:
s_client -showcerts -connect example.com:443
: Connects to the specified website and retrieves its certificate chain.| openssl x509 -outform PEM
: Converts the certificate into PEM format for better compatibility.> example_com_cert.pem
: Saves the certificate to a file namedexample_com_cert.pem
.
4. Now, you have the certificate saved locally. You can open it in a text editor or inspect its details using:
openssl x509 -in example_com_cert.pem -text -noout
Method 2: Downloading SSL Certificates via Web Browser (Google Chrome)
This is a quick method that doesn’t require command-line tools, and it is ideal for users who are more comfortable with browsers.
Steps:
1. Open Google Chrome and navigate to the target website.
2. Click on the view site information icon in the address bar to open the site information.
3. Select the Connection is secure
option
4. Click on Certificate is valid
option
5. In the certificate information window, go to the Details tab.
6. Click on Export
to open the Certificate Export Wizard.
7. Follow the wizard steps to save the certificate locally. Choose a format like .cer
or .pem
for easy verification.
Verifying the Downloaded SSL Certificate
Once you have the certificate file locally, you can inspect its contents to verify its legitimacy.
1. OpenSSL Method: Use openssl
in your terminal to display the certificate details:
openssl x509 -in example_com.pem -text -noout
This will show the certificate’s issuer, subject, validity period, and extensions, allowing you to verify if a trusted CA issued it and hasn’t expired.
2. Inspect Manually: Open the certificate in a text editor (for .pem
) or a certificate viewer tool to view its details manually.
Conclusion
Downloading an SSL certificate from a website can be beneficial for various reasons, from security verification to troubleshooting. Whether you prefer the command line or a graphical browser approach, you now have simple, effective methods for obtaining and verifying SSL certificates. For IT professionals, developers, and security analysts, this skill is invaluable in ensuring secure, trusted connections on the web.