Validate TLS handshake using command line (linux) #
echo quit | openssl s_client -showcerts -servername <HOST> -connect <HOST>:443 > cacert.pem
Export private key from pfx #
openssl pkcs12 -in <PFX_FILE> -nocerts -out <KEY_FILE>
Remove passphrase from private key #
openssl rsa -in <KEY_FILE> -out <NO_PRIVATE_KEY_FILE>
Check a PKCS#12 file (.pfx or .p12) #
openssl pkcs12 -info -in <P12_OR_PFX_FILE>
Convert a DER file (.crt .cer .der) to PEM #
openssl x509 -inform der -in certificate.cer -out certificate.pem
Get certificate end date #
openssl x509 -in <PEM_FILE> -noout -enddate
Find if the bit size of a certificate (2048 or 4096) #
openssl x509 -text -noout -in certificate.crt
Look for Public-Key: (2048 bit)