Read cert
$ openssl s_client -host <hostname> -port 443 | openssl x509 -noout -text
Read cert and check
$ echo | openssl s_client -servername <hostname> -connect <hostname>:443 -CAfile /etc/ssl/cert.pem | openssl x509 -noout -text
Dump cert chain
$ openssl s_client -showcerts -servername <hostname> -connect <hostname>:443
Read CRL
$ openssl crl -inform {DER|PEM} -noout -text -in <crl file>
Test connection
$ openssl s_client -servername <hostname> -connect <hostname>:443 -CAfile <Root CA cert file>
Convert DER to PEM
$ openssl x509 -inform DER -in cert.der -outform PEM -out cert.pem
Verify cert chain
$ openssl verify -CAfile /etc/ssl/cert.pem -untrusted intermediate.pem cert.pem