Everything you need to know about printing (displaying) SSL certificate details and comparing two SSL certificates using practical, real-world tools.
- There isn’t a standard tool or command named “SSL Print” in the SSL/TLS world.
- But—in industry slang, “SSL Print” often refers to the process of printing (displaying) the details of an SSL certificate in a readable form (like its subject, issuer, serial, validity, fingerprint, etc.).
- This is commonly done using tools like
opensslorkeytool.
- Sysadmins and security engineers will “print” SSL certificate details to verify, compare, or audit certificates.
- The main purpose: Visual inspection and comparison of certificate properties.
Here are a couple of ways to “print” SSL certificate info:
openssl x509 -in server.crt -text -noout-in server.crt: Input your certificate file-text: Display in a human-readable form-noout: Don’t display the encoded certificate
openssl s_client -connect example.com:443 -servername example.com < /dev/null | openssl x509 -text -noout- This fetches and prints the certificate from a live server.
keytool -printcert -file server.crtLet’s get detailed and practical!
Not reliable, because the encoding or formatting may differ even if the cert is functionally identical.
openssl x509 -in cert1.crt -noout -text > cert1.txt
openssl x509 -in cert2.crt -noout -text > cert2.txt
diff cert1.txt cert2.txtdiffwill highlight differences in the fields.
openssl x509 -in cert1.crt -noout -fingerprint
openssl x509 -in cert2.crt -noout -fingerprint- If the fingerprints (SHA1, SHA256, or MD5) match, the certs are identical.
Example:
openssl x509 -in cert1.crt -noout -sha256 -fingerprint
openssl x509 -in cert2.crt -noout -sha256 -fingerprintExtract fields like Subject, Issuer, Validity, and Serial Number and compare them.
Extract subject:
openssl x509 -in cert1.crt -noout -subject
openssl x509 -in cert2.crt -noout -subjectExtract issuer:
openssl x509 -in cert1.crt -noout -issuer
openssl x509 -in cert2.crt -noout -issuerCompare public key:
openssl x509 -in cert1.crt -noout -pubkey | openssl pkey -pubin -outform pem | sha256sum
openssl x509 -in cert2.crt -noout -pubkey | openssl pkey -pubin -outform pem | sha256sum- If the hash output is the same, public keys are identical.
You can also paste two certificates into online tools (like SSLShopper) to visually compare them, but this is less secure for sensitive data.
| Property | Description | OpenSSL Command Example |
|---|---|---|
| Fingerprint | Unique hash of the cert | -fingerprint |
| Subject | Who the cert is issued to | -noout -subject |
| Issuer | Who issued the cert | -noout -issuer |
| Serial Number | Unique serial for the cert | -noout -serial |
| Validity | Start and end dates | -noout -dates |
| SANs | Subject Alternative Names (DNS, IP, etc.) | -text (look for X509v3 Subject Alt Name) |
| Public Key | Actual cryptographic key | -noout -pubkey + hash/compare |
#!/bin/bash
openssl x509 -in "$1" -noout -sha256 -fingerprint
openssl x509 -in "$2" -noout -sha256 -fingerprintUsage:
bash compare_certs.sh cert1.crt cert2.crt- "SSL Print" just means "show me the details of an SSL certificate."
- You can do it with tools like
openssl x509 -in mycert.crt -text -noout. - To compare two SSL certificates:
- Print their text and use
diff. - Or compare their fingerprints.
- Or extract/compare specific fields (subject, issuer, validity).
- Print their text and use
- Always prefer comparing fingerprints for exact match; for property-level comparison, look at individual fields.
⭐ Star this gist to bookmark it!
👥 Follow @Sharique55 for more Java, VSCode, Linux, Git, and Cloud goodness!
🔄 Share it with your team, and Click here for more such Gists