I’m typing this up in English in case it turns up in someone’s Google search results.
I wanted to check up on my TLS certificate on one of my Apache vhosts today, using the good old command:
openssl s_client -showcerts -connect your.domain.tld:port
but ended up receiving the self-signed certificate that ran on the server’s default domain. That wasn’t very useful, but I was reminded that I had seen someone mention a different tool in a blog post ranting about certificate caching lately. In an effort to avoid having to go through all the convoluted brain racking and Google searching the next time I want to find said tool, I’m leaving this note for myself here.
The tool in question is called gnutls-cli, and is part of the gnutls-utils package on Fedora, or gnutls-bin on Debian/Ubuntu. The syntax is very nice:
gnutls-cli your.domain.tld -p port
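and it handles name-based vhosts, because it sends the requested hostname to the server via SNI (Server Name Indication), which is what lets the server pick the matching certificate. It connects to port 443 by default, so the port part can usually be omitted.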
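A server that hosts several names chooses its certificate from the SNI name in the handshake, and a client that sends none gets the default one; openssl s_client can send the name with -servername. The script below is an added example, not part of the original note: it reproduces both cases against a throwaway local server. The hostnames, port 14433 and file names are constructed, and it assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example. Hostnames, port and file names below are constructed.
# Assumes OpenSSL 1.1.1 or newer (for -noservername).

# Print the subject of the certificate served on 127.0.0.1:PORT.
# With a second argument, send it as the SNI name; without, send no SNI.
served_subject() {
    port=$1
    if [ -n "${2:-}" ]; then set -- -servername "$2"; else set -- -noservername; fi
    openssl s_client "$@" -connect "127.0.0.1:$port" </dev/null 2>/dev/null |
        openssl x509 -noout -subject
}

# Start a throwaway server with a default certificate plus one that is only
# selected for the SNI name vhost.example.test, then query it both ways.
compare_sni() {
    port=14433
    dir=$(mktemp -d) || return 1
    for cn in default.invalid vhost.example.test; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
            -keyout "$dir/$cn.key" -out "$dir/$cn.crt" 2>/dev/null || return 1
    done
    openssl s_server -www -accept "$port" \
        -cert "$dir/default.invalid.crt" -key "$dir/default.invalid.key" \
        -servername vhost.example.test \
        -cert2 "$dir/vhost.example.test.crt" -key2 "$dir/vhost.example.test.key" \
        >/dev/null 2>&1 &
    srv=$!
    tries=0   # wait up to about 10 s for the listener to come up
    until served_subject "$port" >/dev/null 2>&1 || [ "$tries" -ge 10 ]; do
        tries=$((tries + 1)); sleep 1
    done
    echo "without SNI: $(served_subject "$port")"
    echo "with SNI: $(served_subject "$port" vhost.example.test)"
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
}
```

Calling compare_sni prints the default certificate's subject for the connection without SNI and the vhost's subject for the one with it.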