How to terminate OpenSSL s_client after connection
You can achieve the desired effect by using a pipe to pass in the character "Q". This makes for a great one-liner for a script:
echo "Q" | openssl s_client -connect host:port
If you are using a sufficiently new version of BASH, you can also use the triple less-than redirect instead of piping (some times a pipe isn't usable since it operates on stdin/stdout):
openssl s_client -connect host:port <<< "Q"
Entering the letter 'Q' at the beginning of a blank line will end an active connection. I've seen s_client get into states where this does not do anything, but this is the documented way to quit a session.
If you want to do this in batch mode, just create a text file with the letter 'Q' followed by a carriage return and direct it into the end of the command like so:
openssl s_client -connect host:port < Q.txt
I tried this and it works.
I have a following in my $profile
and simply call that with cert github.com
or cert github.com 15
if I need to extend the output. Works until now.
# $profilefunction test-certificate($domain, $contextLength = 10) { $domain += ":443" echo "q" | openssl s_client -connect $domain | openssl x509 -noout -enddate | sls "notAfter.*" echo "q" | openssl s_client -connect $domain | sls "certificate chain" -Context $contextLength write-host "~~~" -ForegroundColor darkcyan write-host "If needed, pass a desired output length after domainname" -ForegroundColor darkcyan}Set-Alias cert test-certificate
Edit: to resolve unable to get local issuer certificate
, download a certificate package from https://curl.se/docs/caextract.html. I don't do it programmatically, so I ended up with
function test-certificate($domain, $contextLength = 10) { $cacertPath = "c:\Users\Admin\tools\cacert.pem" #←EDIT THIS $domain += ":443" echo "q" | openssl s_client -connect $domain -CAfile $cacertPath | openssl x509 -noout -enddate | sls "notAfter.*" echo "q" | openssl s_client -connect $domain -CAfile $cacertPath | sls "certificate chain" -Context $contextLength Write-Host "~~~" -ForegroundColor darkcyan Write-Host "→ If needed, pass a desired output length after domainname" -ForegroundColor darkcyan Write-Host "→ To update the list of trusted Certificates, run:" -ForegroundColor darkcyan Write-Host "→ Invoke-WebRequest https://curl.se/ca/cacert.pem -OutFile 'c:\Users\Admin\tools\cacert.pem'" -ForegroundColor darkcyan Write-Host "~~~" -ForegroundColor darkcyan}