The Holy Java

Building the right thing, building it right, fast

Tip: Retrieving server certificate used in SSL communication (e.g. POP3s)

Posted by Jakub Holý on October 21, 2010

If you would like to get the security certificate used by a server in communication over SSL, such as with the HTTPS or POP3s protocols, for instance to install it on a client device that needs to talk to the server, you can use OpenSSL to retrieve it:

bash$ openssl s_client -connect -showcerts

You then store the text starting with “—–BEGIN CERTIFICATE—–” and ending with “—–END CERTIFICATE—–” (inclusive) into a file with the extension .pem.

You can also use openssl to convert the certificate into another format, e.g.:

bash$ openssl x509 -in mycertificate.pem -inform PEM -out mycertificate.der -outform DER

The information originates from the page Gmail POP3 with Fetchmail where you can find a more detailed description and also instructions for testing the certificate.


Sorry, the comment form is closed at this time.

%d bloggers like this: