Scripting OpenSSL just to extract Certificate Chain and Cert Expiry date


  • This note documents a quick way to check, with a single command from PowerShell with OpenSSL:
  • the certificate chain
  • the certificate expiry date

1. steps

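function test-certificate($domain) {
    $domain += ":443"
    # print the "Certificate chain" section of the handshake output
    openssl s_client -connect $domain | sls "certificate chain" -Context 5
    # and print the expiry date (notAfter) of the server certificate
    openssl s_client -connect $domain | openssl x509 -noout -enddate
}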

2. passing the “Q” key into the command

  • s_client opens a client that waits for input
  • I need to pass q into s_client so that it ends gracefully and immediately
  • which is achieved with write-output "q" | ...
  • echo is an alias for the write-output cmdlet
echo "q" | openssl s_client -connect github.com:443

3. solution

  • just adding the following to the $profile
  • passing the domain e.g. cert and pressing Q to continue
  • this is just for a quick interactive check
function test-certificate($domain, $contextLength = 10) {
    $domain += ":443"
    # expiry date (notAfter) of the server certificate
    echo "q" | openssl s_client -connect $domain | openssl x509 -noout -enddate | sls "notAfter.*"
    # the "Certificate chain" section plus $contextLength lines around it
    echo "q" | openssl s_client -connect $domain | sls "certificate chain" -Context $contextLength
    write-host "~~~" -ForegroundColor darkcyan
    write-host "If needed, pass a desired output length after domainname" -ForegroundColor darkcyan
}
Set-Alias cert test-certificate
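The function above prints text for a human to read. As an added example (not code from the original post), the sketch below turns the same two OpenSSL outputs into an object with a parsed expiry date, days remaining and the subject/issuer pairs of the chain; the function name ConvertTo-CertStatus, its parameters and the sample lines are assumptions made for this illustration.

```powershell
# Added example: ConvertTo-CertStatus, its parameters and the sample data are
# hypothetical/constructed, not taken from the original post.
function ConvertTo-CertStatus {
    param(
        [string[]]$Handshake,                 # lines from: openssl s_client -connect host:443
        [string]$EndDateLine,                 # line from:  openssl x509 -noout -enddate
        [int]$WarnDays = 30,
        [datetime]$Now = [datetime]::UtcNow   # reference time, expected in UTC
    )
    if (-not ($EndDateLine -match '^notAfter=(.+)$')) { throw "No notAfter line: '$EndDateLine'" }
    # openssl pads single-digit days with a second space; collapse it before parsing.
    $raw = ($Matches[1] -replace '\s+', ' ').Trim()
    $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    $notAfter = [datetime]::ParseExact($raw, "MMM d HH:mm:ss yyyy 'GMT'",
        [cultureinfo]::InvariantCulture, $styles)

    # Pair each "<depth> s:<subject>" line with the "i:<issuer>" line that follows it.
    $subject = $null
    $chain = foreach ($line in $Handshake) {
        if ($line -match '^\s*(\d+) s:(.+)$') {
            $depth = [int]$Matches[1]; $subject = $Matches[2]
        } elseif ($null -ne $subject -and $line -match '^\s+i:(.+)$') {
            [pscustomobject]@{ Depth = $depth; Subject = $subject; Issuer = $Matches[1] }
            $subject = $null
        }
    }
    $daysLeft = [int][math]::Floor(($notAfter - $Now).TotalDays)
    [pscustomobject]@{
        NotAfterUtc  = $notAfter
        DaysLeft     = $daysLeft
        ExpiringSoon = ($daysLeft -lt $WarnDays)
        Chain        = @($chain)
    }
}

# Constructed sample input (not captured from a real server).
$sampleHandshake = @(
    'Certificate chain',
    ' 0 s:CN = www.example.test',
    '   i:C = US, O = Example CA, CN = Example Issuing CA 1',
    ' 1 s:C = US, O = Example CA, CN = Example Issuing CA 1',
    '   i:C = US, O = Example CA, CN = Example Root CA',
    '---'
)
$status = ConvertTo-CertStatus -Handshake $sampleHandshake `
    -EndDateLine 'notAfter=Mar  5 12:00:00 2030 GMT' -Now ([datetime]'2030-02-20')
$status | Format-List NotAfterUtc, DaysLeft, ExpiringSoon
$status.Chain | Format-Table Depth, Subject, Issuer
```

For a live check, capture the output of echo "q" | openssl s_client -connect $domain in a variable and pass it as -Handshake, and pass the line produced by piping that same variable into openssl x509 -noout -enddate as -EndDateLine.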

4. sources

today I learnt… | as a support eng of the wonderful Snowplow Analytics, expect everything around modern (postmodern?) business intelligence
