Check SSL Certificate on Server using Nmap

Check SSL Certificate on Server using Nmap

Nmap is a network scanning tool which has various scripts that provide additional functionality. This tutorial shows how to check SSL certificate on server using Nmap.

The ssl-cert script allows checking SSL certificate for particular server:

nmap --script ssl-cert -p 443 google.com

A part of the output:

Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-08 01:33 UTC
...

PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=*.google.com
| Subject Alternative Name: DNS:*.google.com, ...
| Issuer: commonName=GTS CA 1C3/organizationName=Google Trust Services LLC/countryName=US
| Public Key type: ec
| Public Key bits: 256
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-07-18T08:18:57
| Not valid after:  2022-10-10T08:18:56
| MD5:   8457 d382 77c3 d571 eab4 a5af 7238 7952
|_SHA-1: 6afa eec0 b002 2fe3 77ac 150e a99a ebf0 70b3 e103

Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds

To include certificate in the output, increase verbosity with option -v:

nmap --script ssl-cert -p 443 -v google.com

A part of the output:

Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-08 01:45 UTC
...

PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=*.google.com
...
| -----BEGIN CERTIFICATE-----
| MIIN1jCCDL6gAwIBAgIRAKxpCb0iO1BbCljQ+AiZIYAwDQYJKoZIhvcNAQELBQAw
| RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
| TEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjIwNzE4MDgxODU3WhcNMjIxMDEw
| MDgxODU2WjAXMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggq
...
| F3l1be6II8NmYbzguTCgCVdABjVU27OGXiGFg2LD6Jmyn/bM6YysZ9a4N1VgA2wh
| huzSdy/yZo216mrtIOv3MP/Rozw3ftvF0mVukQ89wR17sf2R6zxKfpCAppUo8u0+
| bBypB+T/PYjkMdsYUdJn7GPIVigXXqsh5siS9XPj6o89ClkzlvsO7ePG
|_-----END CERTIFICATE-----
...

Leave a Comment

Cancel reply

Your email address will not be published.