Use OpenSSL para ler as informações do certificado SSL do site atual

Eu estava usando a atualização dos certificados SSL do meu site outro dia e queria uma maneira segura e rápida de verificar se o servidor estava realmente servindo o novo certificado. Com algumas leituras do GoogleFu e do homem, eu descobri:

$ openssl s_client -connect www.github.com:443  < /dev/null 2>/dev/null | openssl x509 -noout -fingerprint -subject -email -dates -fingerprint

subject
= /businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550/street=548 4th Street/postalCode=94107/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com
notBefore
=Jun 10 00:00:00 2013 GMT
notAfter
=Sep 2 12:00:00 2015 GMT
SHA1
Fingerprint=D7:12:E9:69:65:DC:F2:36:C8:74:C7:03:7D:C0:B2:24:A9:3B:D2:33

Também é possível despejar todo o certificado em formato de texto se você realmente precisar disso, mas é mais difícil para verificações rápidas (sem alguma ação grep):

$ openssl s_client -connect www.github.com:443  < /dev/null 2>/dev/null | openssl x509 -noout -text

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:7f:be:2e:4b:de:00:84:d2:ca:f8:e3:ec:fe:70:58
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV CA-1
Validity
Not Before: Jun 10 00:00:00 2013 GMT
Not After : Sep 2 12:00:00 2015 GMT
Subject: businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550/street=548 4th Street/postalCode=94107, C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA
Public Key: (2048 bit)
Modulus (2048 bit):
00:ed:d3:89:c3:5d:70:72:09:f3:33:4f:1a:72:74:
d9
:b6:5a:95:50:bb:68:61:9f:f7:fb:1f:19:e1:da:
04:31:af:15:7c:1a:7f:f9:73:af:1d:e5:43:2b:56:
09:00:45:69:4a:e8:c4:5b:df:c2:77:52:51:19:5b:
d1
:2b:d9:39:65:36:a0:32:19:1c:41:73:fb:32:b2:
3d:9f:98:ec:82:5b:0b:37:64:39:2c:b7:10:83:72:
cd
:f0:ea:24:4b:fa:d9:94:2e:c3:85:15:39:a9:3a:
f6
:88:da:f4:27:89:a6:95:4f:84:a2:37:4e:7c:25:
78:3a:c9:83:6d:02:17:95:78:7d:47:a8:55:83:ee:
13:c8:19:1a:b3:3c:f1:5f:fe:3b:02:e1:85:fb:11:
66:ab:09:5d:9f:4c:43:f0:c7:24:5e:29:72:28:ce:
d4
:75:68:4f:24:72:29:ae:39:28:fc:df:8d:4f:4d:
83:73:74:0c:6f:11:9b:a7:dd:62:de:ff:e2:eb:17:
e6
:ff:0c:bf:c0:2d:31:3b:d6:59:a2:f2:dd:87:4a:
48:7b:6d:33:11:14:4d:34:9f:32:38:f6:c8:19:9d:
f1
:b6:3d:c5:46:ef:51:0b:8a:c6:33:ed:48:61:c4:
1d:17:1b:bd:7c:b6:67:e9:39:cf:a5:52:80:0a:f4:
ea
:cd
Exponent: 65537 (0x10001)
X509v3 extensions
:
X509v3
Authority Key Identifier:
keyid
:4C:58:CB:25:F0:41:4F:52:F4:28:C8:81:43:9B:A6:A8:A0:E6:92:E5

X509v3
Subject Key Identifier:
87:D1:8F:19:6E:E4:87:6F:53:8C:77:91:07:50:DF:A3:BF:55:47:20
X509v3
Subject Alternative Name:
DNS
:github.com, DNS:www.github.com
X509v3
Key Usage: critical
Digital Signature, Key Encipherment
X509v3
Extended Key Usage:
TLS
Web Server Authentication, TLS Web Client Authentication
X509v3 CRL
Distribution Points:
URI
:http://crl3.digicert.com/evca1-g2.crl
URI
:http://crl4.digicert.com/evca1-g2.crl

X509v3
Certificate Policies:
Policy: 2.16.840.1.114412.2.1
CPS
: http://www.digicert.com/ssl-cps-repository.htm
User Notice:
Explicit Text:

Authority Information Access:
OCSP
- URI:http://ocsp.digicert.com
CA
Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceEVCA-1.crt

X509v3
Basic Constraints: critical
CA
:FALSE
Signature Algorithm: sha1WithRSAEncryption
5f:15:6d:67:c3:3a:d5:a3:de:16:9c:45:33:26:d5:3d:c9:16:
74:34:ca:87:48:1b:14:90:6d:f5:ab:47:86:b9:f5:b8:e3:01:
45:65:68:ee:a9:12:75:9f:76:26:ef:11:7c:7d:38:cf:dd:f7:
4a:19:09:f1:20:72:92:b0:4d:27:ba:e8:7f:5d:b4:17:e4:3a:
41:26:49:c7:74:61:68:2f:06:3c:c5:9f:49:3c:8e:7b:be:0b:
f3
:2e:8f:3e:7f:01:f2:66:9d:d5:9b:fa:39:21:82:c4:41:58:
92:a3:e9:e5:39:25:10:f1:80:15:aa:ee:8a:72:c3:ff:7b:ad:
76:52:2a:92:f9:43:01:9a:07:71:f4:a3:c3:0f:36:72:e0:c2:
59:0b:68:5b:7d:4a:17:8f:d0:39:e2:62:4d:f1:cb:84:38:fc:
b0
:dd:cd:f2:28:e7:2a:fe:1e:3c:2b:35:60:b9:05:e2:49:d2:
5b:c1:fa:8d:21:b4:3d:a0:93:3e:63:30:e3:cd:2e:b6:f9:30:
ad
:35:23:56:cd:66:f0:00:16:42:9a:e4:31:2b:4a:04:39:26:
d3
:99:b8:71:50:5e:eb:34:3d:ff:fa:6c:7d:bb:c7:18:ff:fe:
ee
:03:12:d6:61:2e:60:21:99:42:6f:17:1f:d2:59:22:29:21:
c9
:07:7d:7d

Eu gosto das páginas de manual do Ubuntu, mas não é específico do Ubuntu ou mesmo do Debian. Aqui estão alguns links para leituras adicionais: