# showcert - simple OpenSSL for humans
Showcert tries to follow these principles:
- Simple things must be simple. More complex things may require some options.
- Be simple and cover 9/10 routine certificate-related tasks.
- If showcert missing some rarely used feature and user needs to use openssl for it - okay.
~~~bash
# You will never forget how to use it:
$ showcert github.com
IP: 140.82.121.3
Names: github.com www.github.com
notBefore: 2022-03-15 00:00:00 (182 days old)
notAfter: 2023-03-15 23:59:59 (183 days left)
Issuer: C=US O=DigiCert Inc CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
# Compare it against openssl:
# two redirections, pipe, two invokations and 5 unneeded options
$ openssl s_client -connect github.com:443 </dev/null 2>/dev/null | openssl x509 -inform pem -text
# View Google SMTP server cert. starttls mode selected automatically. Same for POP3/IMAP and any simple TLS service
$ showcert smtp.google.com:25
# Save full chain of google.com certificates to local PEM file
$ showcert --chain -o pem google.com > google-fullchain.pem
# Warn about any LetsEncrypt cert which will expire in 50 days or less
# :le is just special token, replaced to /etc/letsencrypt/live/*/fullchain.pem
$ sudo showcert -q :le -w50 || echo panic
/etc/letsencrypt/live/my.example.com/fullchain.pem expires in 47 days
panic
~~~
## STARTTLS implementation
showcert has built-in support for STARTTLS for SMTP (port 25), POP3 (port 110) and IMAP (port 143). You can select proper method with `--starttls` option (or disable it with `--starttls no`), but default value (`auto`) is OK for most cases. This option is needed only if you test servers on non-standard ports.
## Installation
As any usual python package:
- `pip3 install showcert` (just install)
- `pip3 install -U showcert` (upgrade)
- `pip3 install -U git+https://github.com/yaroslaff/showcert` (install/upgrade from git)
## Exit code
showcert will return non-zero exit code (1) in case of any error (including expired certificate or host mismatch).
If `-w DAYS` used, non-zero (2) will be returned for valid certificates, which will expire in `DAYS` days or sooner.
## Usage
~~~shell
$ bin/showcert -h
usage: showcert [-h] [-i] [--output OUTPUT] [-c] [-w [DAYS]] [-q] [-n NAME] [-t METHOD] [-l TIME]
[--ca CA] [--net]
CERT [CERT ...]
Show local/remote SSL certificate info v0.1.15
positional arguments:
CERT path, - (stdin), ":le" (letsencrypt cert path), hostname or hostname:port
optional arguments:
-h, --help show this help message and exit
-i, --insecure Do not verify remote certificate
--output OUTPUT, -o OUTPUT
output format: brief, full, names, dnames (for certbot), pem, no.
-c, --chain Show chain (not only server certificate)
-w [DAYS], --warn [DAYS]
Warn about expiring certificates (def: 20 days)
Rarely needed options:
-q, --quiet Quiet mode, same as --output no
-n NAME, --name NAME name for SNI (if not same as CERT host)
-t METHOD, --starttls METHOD
starttls method: auto (default, and OK almost always), no, imap, smtp, pop3
-l TIME, --limit TIME
socket timeout (def: 5)
--ca CA path to trusted CA certificates, def: /usr/local/lib/python3.9/dist-packages/certifi/cacert.pem
--net Force network check (if you want to check host and have file/dir with same name in current directory)
Examples:
# just check remote certificate
bin/showcert example.com
# check SMTP server certificate (autodetected: --starttls smtp )
bin/showcert smtp.google.com:25
# save fullchain from google SMTP to local PEM file
bin/showcert --chain -o pem google.com > google-fullchain.pem
# look for expiring letsencrypt certificates
# :le is alias for /etc/letsencrypt/live/*/fullchain.pem
bin/showcert :le -q -w 20 || echo "expiring soon!"
~~~
Raw data
{
"_id": null,
"home_page": "https://github.com/yaroslaff/showcert",
"name": "showcert",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": "",
"keywords": "",
"author": "Yaroslav Polyakov",
"author_email": "yaroslaff@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/7d/f8/aed6c2340ca6051f9bd6a515120dea3cabb6ac6397552809764c0727671b/showcert-0.1.16.tar.gz",
"platform": null,
"description": "# showcert - simple OpenSSL for humans\n\nShowcert tries to follow these principles:\n- Simple things must be simple. More complex things may require some options. \n- Be simple and cover 9/10 routine certificate-related tasks.\n- If showcert missing some rarely used feature and user needs to use openssl for it - okay.\n\n~~~bash\n# You will never forget how to use it:\n$ showcert github.com\nIP: 140.82.121.3\nNames: github.com www.github.com\nnotBefore: 2022-03-15 00:00:00 (182 days old)\nnotAfter: 2023-03-15 23:59:59 (183 days left)\nIssuer: C=US O=DigiCert Inc CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1\n\n# Compare it against openssl:\n# two redirections, pipe, two invokations and 5 unneeded options\n$ openssl s_client -connect github.com:443 </dev/null 2>/dev/null | openssl x509 -inform pem -text\n\n# View Google SMTP server cert. starttls mode selected automatically. Same for POP3/IMAP and any simple TLS service\n$ showcert smtp.google.com:25\n\n# Save full chain of google.com certificates to local PEM file\n$ showcert --chain -o pem google.com > google-fullchain.pem\n\n# Warn about any LetsEncrypt cert which will expire in 50 days or less\n# :le is just special token, replaced to /etc/letsencrypt/live/*/fullchain.pem\n$ sudo showcert -q :le -w50 || echo panic\n/etc/letsencrypt/live/my.example.com/fullchain.pem expires in 47 days\npanic\n~~~\n\n## STARTTLS implementation\nshowcert has built-in support for STARTTLS for SMTP (port 25), POP3 (port 110) and IMAP (port 143). You can select proper method with `--starttls` option (or disable it with `--starttls no`), but default value (`auto`) is OK for most cases. This option is needed only if you test servers on non-standard ports.\n\n\n## Installation\nAs any usual python package:\n- `pip3 install showcert` (just install)\n- `pip3 install -U showcert` (upgrade)\n- `pip3 install -U git+https://github.com/yaroslaff/showcert` (install/upgrade from git)\n\n## Exit code\nshowcert will return non-zero exit code (1) in case of any error (including expired certificate or host mismatch).\nIf `-w DAYS` used, non-zero (2) will be returned for valid certificates, which will expire in `DAYS` days or sooner.\n\n## Usage\n\n~~~shell\n$ bin/showcert -h\nusage: showcert [-h] [-i] [--output OUTPUT] [-c] [-w [DAYS]] [-q] [-n NAME] [-t METHOD] [-l TIME]\n [--ca CA] [--net]\n CERT [CERT ...]\n\nShow local/remote SSL certificate info v0.1.15\n\npositional arguments:\n CERT path, - (stdin), \":le\" (letsencrypt cert path), hostname or hostname:port\n\noptional arguments:\n -h, --help show this help message and exit\n -i, --insecure Do not verify remote certificate\n --output OUTPUT, -o OUTPUT\n output format: brief, full, names, dnames (for certbot), pem, no.\n -c, --chain Show chain (not only server certificate)\n -w [DAYS], --warn [DAYS]\n Warn about expiring certificates (def: 20 days)\n\nRarely needed options:\n -q, --quiet Quiet mode, same as --output no\n -n NAME, --name NAME name for SNI (if not same as CERT host)\n -t METHOD, --starttls METHOD\n starttls method: auto (default, and OK almost always), no, imap, smtp, pop3\n -l TIME, --limit TIME\n socket timeout (def: 5)\n --ca CA path to trusted CA certificates, def: /usr/local/lib/python3.9/dist-packages/certifi/cacert.pem\n --net Force network check (if you want to check host and have file/dir with same name in current directory)\n\nExamples: \n # just check remote certificate\n bin/showcert example.com\n\n # check SMTP server certificate (autodetected: --starttls smtp )\n bin/showcert smtp.google.com:25\n\n # save fullchain from google SMTP to local PEM file\n bin/showcert --chain -o pem google.com > google-fullchain.pem\n\n # look for expiring letsencrypt certificates \n # :le is alias for /etc/letsencrypt/live/*/fullchain.pem \n bin/showcert :le -q -w 20 || echo \"expiring soon!\"\n~~~\n\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "dump local/remote certificate info",
"version": "0.1.16",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8989073b783c9c377f93e2fafaea3753f8411aebe53658de0137c00af52ba183",
"md5": "585183665c53e7fe1dff98a1f2d60a8f",
"sha256": "8544820d5217fef03e57e28fd8fd3361e9b8c6bcedd526647879f407e2f81910"
},
"downloads": -1,
"filename": "showcert-0.1.16-py3-none-any.whl",
"has_sig": false,
"md5_digest": "585183665c53e7fe1dff98a1f2d60a8f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 8163,
"upload_time": "2023-04-12T16:33:44",
"upload_time_iso_8601": "2023-04-12T16:33:44.944039Z",
"url": "https://files.pythonhosted.org/packages/89/89/073b783c9c377f93e2fafaea3753f8411aebe53658de0137c00af52ba183/showcert-0.1.16-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "7df8aed6c2340ca6051f9bd6a515120dea3cabb6ac6397552809764c0727671b",
"md5": "491ea109572a75ea22a9824bb5f7d2b8",
"sha256": "6733d95971027ab8d8c52ed3432d124b0e4ed72b34e115c876715f5b1afe96ea"
},
"downloads": -1,
"filename": "showcert-0.1.16.tar.gz",
"has_sig": false,
"md5_digest": "491ea109572a75ea22a9824bb5f7d2b8",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 7845,
"upload_time": "2023-04-12T16:33:46",
"upload_time_iso_8601": "2023-04-12T16:33:46.688438Z",
"url": "https://files.pythonhosted.org/packages/7d/f8/aed6c2340ca6051f9bd6a515120dea3cabb6ac6397552809764c0727671b/showcert-0.1.16.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-04-12 16:33:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "yaroslaff",
"github_project": "showcert",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "showcert"
}