Example with the command 's_client' of openssl to see the certificates of a domain.
With the 'connect' option we specify the IP or DNS of the server we want to consult, the port must be specified, in general 443.
We use the 'showcerts' option to instruct openssl to display the certificates.
And the 'servername' option serves to indicate to the server which DNS name we require the certificate, being very useful when a server has several domains and provides several certificates, and has SNI configured.
openssl s_client -showcerts -servername feitam.es -connect 91.126.40.79:443
That will return to us the information of the certificates that the machine has with IP 91.126.40.79 for the domain feitam.es:
user@localpc:~$ openssl s_client -showcerts -servername feitam.es -connect 91.126.40.79:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = feitam.es
verify return:1
---
Certificate chain
0 s:CN = feitam.es
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISA94tCU5mbBfaJq0W8r9eadETMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTA3MjYxODM3MDRaFw0yMTEwMjQxODM3MDJaMBQxEjAQBgNVBAMT
CWZlaXRhbS5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKs/nRST
zo/I0KKc9CcsO8TsACq5/TxTkRWNqsmWUoxnRW3pIID35bD9hPAQfJDQn9yq2LsR
yy8Bd6zfIsWvgPVlQwHaN0ssh5cdFDZToXN/fnRf/4U8jhO1j/AI+ObMK3As5uhj
FO0XBgDYn3jb4REF8TOfjWVv1m/qys7OGn937GT2Mk+V+AFx0sjQYmkh7+tR61oT
IQOc3qCBxKh7yfHJzIPb098wDbyOd1Bsiqii7AFyjwrskOYX2Cuv0DvOBwN4v/bZ
4hufYpNHFI7Bdue7Ldn2WOC3yEwH+C77vctZdBYK9x5pxkEHmqJ4VNOf8xNOTQKg
w0aE4255pk1rURkCAwEAAaOCAoMwggJ/MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
csg8oC7TyjuYxoN/HJtZ9oGfmWIwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+v
nYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5s
ZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wUwYD
VR0RBEwwSoIJZmVpdGFtLmVzgg5tYWlsLmZlaXRhbS5lc4IOc2Z0cC5mZWl0YW0u
ZXOCDndpa2kuZmVpdGFtLmVzgg13d3cuZmVpdGFtLmVzMEwGA1UdIARFMEMwCAYG
Z4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMu
bGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAlCC8Ho7V
jWyIcx+CiyIsDdHaTV5sT5Q9YdtOL1hNosIAAAF65FIdjQAABAMARzBFAiEAj0L3
WyhB24vJ8adXtncVDfFg45AmffJ1S/8/g51ozIkCIDGe3Teo1Vw1nm2tX07Da8br
2ejYy6p3D+XUOxK9Jq6kAHYAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i
8NcAAAF65FIdswAABAMARzBFAiBhgp3ggFBKlMSGiXXSurHLf519Ot4bI+1I4LiZ
Qy1QPQIhAOS4BJmuzYhjlxmCeNzGgDbbB49kK2s7ZWjcYmKDrRAVMA0GCSqGSIb3
DQEBCwUAA4IBAQBUhtXjF2NRk2CrNbMAFljh+pdhaTNPuWUr48mzrcTTHisRW05j
TUHEOn26nwNmjLWCCzEFOG0tJ/OBVCS5qF/mRBNWNAMpmUplb9lCbEhiRZexI455
RpCXQMzU/UP48uGnua8LPqsTk3v1mH0VdxSyx+ql4D9HJGAHBIIptcy2DGOtSZ2G
3aQS53yBmdpZAzvj0q8avSSy6K2mZCznlzOegr+uLW0mBhJodiF/zFs5Spzd4y3R
w6Q3O0igBjmrqHzPPJFgGu8oFiqJam9fQ9KKi1f4ELs28WnOgw4NPt4Gt+WYDPUq
5qPr4QMq/y37Go/jZrUE4AY1VGaJ0pnnoKCo
-----END CERTIFICATE-----
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=CN = feitam.es
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4627 bytes and written 381 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 405CEBAE81B716ED13C7C04FE7122D108C042DCBCDD7C4D4A5B6993F9C9448E6
Session-ID-ctx:
Resumption PSK: F47E1D15BD4794F38F6E91D5C01658A4E29572DA79DD5424DB9A0028A9B5A8F053DA11E61CB4FE72DC810DD80DDBB3E2
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - d6 33 2b 80 42 22 cc fc-b4 2c 91 a0 f6 21 6c 99 .3+.B"...,...!l.
0010 - 7e cc 55 02 16 db 5e 0c-a0 d7 3a db c6 6c 90 2a ~.U...^...:..l.*
0020 - 74 73 42 0b 95 50 b5 18-fc 57 08 42 25 e4 e9 a3 tsB..P...W.B%...
0030 - 46 a2 22 9d 79 24 d0 a5-66 ba aa fc 72 c1 42 fc F.".y$..f...r.B.
0040 - b5 f8 df 25 64 53 69 8f-8f 34 b7 60 d9 28 fb 65 ...%dSi..4.`.(.e
0050 - 09 67 16 49 91 cd da 30-d2 59 82 86 2f ff 36 9e .g.I...0.Y../.6.
0060 - 4f 58 5e 0d 22 19 e2 22-03 c4 2c 5f 70 16 0a a1 OX^.".."..,_p...
0070 - a5 87 f3 10 63 6b 80 4f-53 13 aa 4a ae ee f5 66 ....ck.OS..J...f
0080 - b1 eb 6b c9 a0 3e 1b 8c-74 59 8f 61 dd 4a cc c4 ..k..>..tY.a.J..
0090 - dc eb 36 a5 25 c1 bd c6-e8 ec 06 e5 12 c1 8d 84 ..6.%...........
00a0 - 5e 66 9e c1 c3 cc 22 13-45 02 6b d3 ab db c0 d2 ^f....".E.k.....
00b0 - b7 f9 29 ad d1 d4 b3 3a-16 fb 9e 18 46 81 0a 32 ..)....:....F..2
00c0 - 1c 4c 7d ed e1 bb b1 0c-54 28 dc 89 5d 6a a7 63 .L}.....T(..]j.c
00d0 - 36 4d 36 c2 34 2b ff 35-9c 64 59 23 34 f1 33 31 6M6.4+.5.dY#4.31
00e0 - 83 58 56 5a c4 c4 ef 8f-e6 3f a5 ba d0 c4 fe e4 .XVZ.....?......
Start Time: 1631206249
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D294535CBB29827F6995B8A3C5748BB8B79DCCCE9EAF340AE8B3A28140539815
Session-ID-ctx:
Resumption PSK: 7B4C41201C1AF5468EA3899B8F1939C530219A9CF46870443AD4107A96235FA07192AD533B75B30889C645CD43214FE5
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - d6 33 2b 80 42 22 cc fc-b4 2c 91 a0 f6 21 6c 99 .3+.B"...,...!l.
0010 - 0d 5e 38 fd 15 10 a4 2c-70 2c 8f f7 f7 b5 35 3f .^8....,p,....5?
0020 - bc 39 29 12 1c 23 0d 72-6b ba 35 1b 01 7c f3 fb .9)..#.rk.5..|..
0030 - 7b 9b 54 36 c0 e2 be 44-55 9f 39 1e 88 a9 16 38 {.T6...DU.9....8
0040 - c8 45 f2 b0 f0 d3 5b a8-2a 37 93 76 52 f7 4e 60 .E....[.*7.vR.N`
0050 - aa 0b 82 b6 40 cc 1d ba-34 e5 61 2b b7 39 19 df ....@...4.a+.9..
0060 - 2c 59 91 11 e9 43 98 e8-cc 69 00 bd 94 90 ac 41 ,Y...C...i.....A
0070 - 0f 11 30 26 ff cb f5 d3-43 bf 70 51 1e 75 2b 0f ..0&....C.pQ.u+.
0080 - 20 10 26 f4 30 06 44 77-25 26 cb 81 aa 1e 7f dd .&.0.Dw%&......
0090 - 90 e3 21 47 5e fe e6 53-ca 9a e7 23 4b d9 0e 60 ..!G^..S...#K..`
00a0 - 81 2a 02 2e 93 c3 59 88-47 13 bc 75 8d 5a 38 13 .*....Y.G..u.Z8.
00b0 - 33 b9 f1 dc 9b e4 c6 10-dc ad 69 ff a5 72 c0 64 3.........i..r.d
00c0 - 2e 3c 4e 08 4e eb af 99-27 43 5f 1e 44 f4 a0 d5 .<N.N...'C_.D...
00d0 - 27 af 6f 52 74 70 16 e5-ce d9 35 48 c9 b2 75 42 '.oRtp....5H..uB
00e0 - 90 e7 6d bd 49 94 cb b5-5b aa 0a fd 99 8d 98 04 ..m.I...[.......
Start Time: 1631206249
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
user@localpc:~$