Tip: Retrieving server certificate used in SSL communication (e.g. POP3s)

If you would like to get the security certificate used by a server in communication over SSL, such as with the HTTPS or POP3s protocols, for instance to install it on a client device that needs to talk to the server, you can use OpenSSL to retrieve it:

bash$ openssl s_client -connect pop.gmail.com:995 -showcerts

You then store the text starting with “—–BEGIN CERTIFICATE—–” and ending with “—–END CERTIFICATE—–” (inclusive) into a file with the extension .pem.

You can also use openssl to convert the certificate into another format, e.g.:

bash$ openssl x509 -in mycertificate.pem -inform PEM -out mycertificate.der -outform DER

The information originates from the page Gmail POP3 with Fetchmail where you can find a more detailed description and also instructions for testing the certificate.

Published by Jakub Holý

I’m a JVM-based developer since 2005, consultant, and occasionally a project manager, working currently with Iterate AS in Norway.