Extracting Client Certificates
You can display all of the server’s certificates using the following command:
$ openssl s_client -showcerts -connect server.name:port | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
This output can be piped or copied and pasted into a text file (keep only the parts between the BEGIN and END CERTIFICATE lines, inclusive) and given a .crt file extension. You can then use it as input to whatever client app needs it.
In the example above we pipe the openssl output to sed to strip everything except the certificate blocks. You may not get your prompt back until the command times out, so wait a bit; you should then get something similar to the following output:
Encrypting Files using OpenSSL
Let’s say we have a file that contains sensitive information and we want to encrypt it. You can encrypt a file very easily using the openssl command:
$ cat secret.txt
This file contains some very secret stuff
$ openssl enc -e -aes-256-cbc -pbkdf2 -a -salt -in secret.txt -out secret.enc
enter aes-256-cbc encryption password: <enter-a-password>
Verifying - enter aes-256-cbc encryption password: <enter-a-password>
$ cat secret.enc
U2FsdGVkX19Rnz48WjLeljd19wvNOhQy+zzYwxCANezCTkqpGMl9zs4HdwdUzZjlVQkUsCJ7b0rUpRi83UlcwA==
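The leading U2FsdGVkX1 in secret.enc is the base64 encoding of the Salted__ header that openssl enc writes in front of the salt. The Python sketch below is an added example, not part of the original article: it parses the secret.enc output shown above and derives the key and IV the way openssl enc -pbkdf2 does by default (PBKDF2-HMAC-SHA256, 10000 iterations). The function names and the password are constructed for illustration.

```python
import base64
import hashlib

# Output of `cat secret.enc` exactly as shown on this page.
SECRET_ENC = ("U2FsdGVkX19Rnz48WjLeljd19wvNOhQy+zzYwxCANezCTkqpGMl9zs4H"
              "dwdUzZjlVQkUsCJ7b0rUpRi83UlcwA==")

MAGIC = b"Salted__"        # 8-byte marker written by `openssl enc -salt`
SALT_LEN = 8               # the salt follows the marker, in the clear
AES_BLOCK = 16             # CBC ciphertext is a multiple of the block size
KEY_LEN, IV_LEN = 32, 16   # aes-256-cbc
DEFAULT_ITER = 10000       # openssl default for -pbkdf2 when -iter is not given


def parse_enc(b64_text):
    """Split base64 `openssl enc -a -salt` output into (salt, ciphertext)."""
    # openssl wraps base64 at 64 columns, so drop whitespace before decoding.
    raw = base64.b64decode("".join(b64_text.split()))
    if not raw.startswith(MAGIC):
        raise ValueError("no Salted__ header: not salted openssl enc output")
    salt = raw[len(MAGIC):len(MAGIC) + SALT_LEN]
    ciphertext = raw[len(MAGIC) + SALT_LEN:]
    if len(salt) != SALT_LEN or not ciphertext or len(ciphertext) % AES_BLOCK:
        raise ValueError("truncated or corrupted CBC ciphertext")
    return salt, ciphertext


def derive_key_iv(password, salt, iterations=DEFAULT_ITER):
    """Derive (key, iv) as `openssl enc -pbkdf2` does: one PBKDF2 output, split."""
    material = hashlib.pbkdf2_hmac("sha256", password, salt, iterations,
                                   KEY_LEN + IV_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


if __name__ == "__main__":
    salt, ciphertext = parse_enc(SECRET_ENC)
    print("salt (stored unencrypted):", salt.hex())
    print("ciphertext length        :", len(ciphertext), "bytes")
    # Constructed password, not the one used on the page, so this key
    # would not decrypt the page's file.
    key, iv = derive_key_iv(b"constructed-example-password", salt)
    print("derived key/iv lengths   :", len(key), len(iv))
```

The file records only the salt: the cipher, digest and iteration count have to be supplied again at decryption time, and CBC output carries no integrity check, so a modified secret.enc is not detected by openssl itself.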
Finding the SSL Directory on a Server
I’ve had situations where I was configuring a secure connection to an application and needed to know where the SSL certificates are stored on the server. You can easily find out this information using the openssl and grep commands:
$ openssl version -a | grep OPENSSLDIR
OPENSSLDIR: "/etc/pki/tls"