
In most cases, we need to check the SSL stream to see whether the connection is functioning properly.
To do this, I suggest the two options below.
In this post, I will use my Exchange server certificate issued to "mail.cake.run.place".






Simply execute this command from the terminal.
curl -v https://mail.cake.run.place

openssl s_client -connect mail.cake.run.place:443 </dev/null 2>/dev/null \
| openssl x509 -noout -subject -issuer -dates -fingerprint

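# The TLS handshake during GetResponse() populates ServicePoint.Certificate
$request = [System.Net.HttpWebRequest]::Create("https://mail.cake.run.place")
$response = $request.GetResponse()
$response
$request.ServicePoint.Certificate.Issuer
$response.Close()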

$url = "mail.cake.run.place"
$port = 443
$tcp = [System.Net.Sockets.TcpClient]::new($url,$port)
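# The {$true} callback accepts any certificate so the handshake completes even if validation would fail; use it for inspection only
$ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, ({$true}))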
$ssl.AuthenticateAsClient($url)
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
$cert | fl
# Close the TLS stream before the underlying TCP connection
$ssl.Close()
$tcp.Close()

For AIP or Entra ID hybrid-joined devices, you should exclude some URLs from SSL inspection. Otherwise, you might struggle to troubleshoot and resolve the resulting issues.
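To tell whether an inspection device is re-signing the connection, the SslStream check above can record the validation result instead of discarding it and compare the presented thumbprint with the one read on the server itself. This is an added example, not part of the original post; the function name Test-TlsCertificate and its ExpectedThumbprint parameter are hypothetical, and the thumbprint in the usage comment is a placeholder.

```powershell
function Test-TlsCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443,
        # Thumbprint read directly on the server (assumption: obtained over a trusted path)
        [string] $ExpectedThumbprint
    )

    # Shared state so the callback can hand the validation result back to the caller
    $state = @{ Errors = $null }
    $callback = {
        param($s, $certificate, $chain, $sslPolicyErrors)
        $state.Errors = $sslPolicyErrors   # None, NameMismatch, ChainErrors, ...
        $true                              # accept anyway so the certificate can be inspected
    }.GetNewClosure()

    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new(
            $tcp.GetStream(), $false,
            [System.Net.Security.RemoteCertificateValidationCallback] $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

            # Normalise the expected value (strip spaces/colons) before comparing
            $match = $null
            if ($ExpectedThumbprint) {
                $match = $cert.Thumbprint -eq ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '')
            }

            [pscustomobject]@{
                Subject           = $cert.Subject
                Issuer            = $cert.Issuer
                NotAfter          = $cert.NotAfter
                Thumbprint        = $cert.Thumbprint
                Protocol          = $ssl.SslProtocol
                PolicyErrors      = $state.Errors
                ThumbprintMatches = $match
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Dispose() }
}

# Usage (placeholder thumbprint):
# Test-TlsCertificate -HostName 'mail.cake.run.place' -ExpectedThumbprint '<thumbprint-from-server>'
```

A PolicyErrors value of None together with ThumbprintMatches being False means the client trusts a certificate other than the server's own, which is what an SSL inspection device with a deployed root CA produces.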
I hope you guys can debug using the options I suggest in this post.