Tip: Retrieving server certificate used in SSL communication (e.g. POP3s)

If you would like to get the security certificate used by a server in communication over SSL, such as with the HTTPS or POP3s protocols, for instance to install it on a client device that needs to talk to the server, you can use OpenSSL to retrieve it:



bash$ openssl s_client -connect pop.gmail.com:995 -showcerts



You then store the text starting with "-----BEGIN CERTIFICATE-----" and ending with "-----END CERTIFICATE-----" (inclusive) into a file with the extension .pem.

You can also use openssl to convert the certificate into another format, e.g.:



bash$ openssl x509 -in mycertificate.pem -inform PEM -out mycertificate.der -outform DER



The information originates from the page Gmail POP3 with Fetchmail where you can find a more detailed description and also instructions for testing the certificate.

Tags: security


Copyright © 2019 Jakub Holý
Powered by Cryogen
Theme by KingMob