Tip: Retrieving server certificate used in SSL communication (e.g. POP3s)
Posted by Jakub Holý on October 21, 2010
If you would like to get the security certificate used by a server in communication over SSL, such as with the HTTPS or POP3s protocols, for instance to install it on a client device that needs to talk to the server, you can use OpenSSL to retrieve it:
bash$ openssl s_client -connect pop.gmail.com:995 -showcerts
You then store the text starting with “—–BEGIN CERTIFICATE—–” and ending with “—–END CERTIFICATE—–” (inclusive) into a file with the extension .pem.
You can also use openssl to convert the certificate into another format, e.g.:
bash$ openssl x509 -in mycertificate.pem -inform PEM -out mycertificate.der -outform DER
The information originates from the page Gmail POP3 with Fetchmail where you can find a more detailed description and also instructions for testing the certificate.
Sorry, the comment form is closed at this time.