Friday, June 21, 2019

Is it possible to get all certs from an ip address running SNI without knowing each CN/SAN?

With openssl, you can dump a cert from an IP address with:

openssl s_client -connect 93.184.216.34:443 </dev/null | openssl x509 -noout -text

This gives the single cert on a non-SNI host, or the default cert on an SNI host, because no servername is sent in the handshake.

Is there an equivalent way to dump every cert on a host using SNI without knowing any of its CNs/SANs?

The idea is to do a quick discovery of all certs on all our load balancers. This worked well before, but SNI is throwing a wrench into it.
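There is no handshake that returns every SNI certificate at once, so the practical inventory approach is to seed the probe with hostnames you already know for the load balancer and then follow the SAN entries of each certificate you get back, re-probing the same IP with each new name as the servername. The script below is an added example, not code from the original post; it assumes the openssl CLI (1.1.1 or newer, for -ext) is on PATH, and the IP, port and seed names are placeholders you replace with your own.

```python
import re
import socket
import ssl
import subprocess
from hashlib import sha256
from typing import Callable, Dict, List, Optional

def fetch_leaf(ip: str, port: int, servername: Optional[str]) -> bytes:
    """DER leaf cert the host serves for `servername` (None sends no SNI at all)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # inventory run: we want the cert, not a validated chain
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=servername) as tls:
            return tls.getpeercert(binary_form=True)

def parse_san_text(text: str) -> List[str]:
    """DNS names from `openssl x509 -ext subjectAltName` output; wildcards kept verbatim."""
    return [n.lower() for n in re.findall(r"DNS:([^,\s]+)", text)]

def sans_of(der: bytes) -> List[str]:
    """Ask the openssl CLI (1.1.1+ for -ext) for the cert's subjectAltName."""
    out = subprocess.run(["openssl", "x509", "-inform", "DER", "-noout",
                          "-ext", "subjectAltName"], input=der, capture_output=True)
    return parse_san_text(out.stdout.decode(errors="replace"))

def discover(ip: str, port: int, seeds: List[str],
             fetch: Callable[[str, int, Optional[str]], bytes] = fetch_leaf,
             sans: Callable[[bytes], List[str]] = sans_of) -> Dict[str, bytes]:
    """Return {sha256 fingerprint: DER} for every cert reachable from the seeds.
    Probes: no SNI, each seed, then every DNS SAN of every cert seen so far;
    a wildcard SAN (*.x.com) is probed as its base domain x.com."""
    queue: List[Optional[str]] = [None] + [s.lower() for s in seeds]
    tried, found = set(), {}
    while queue:
        name = queue.pop(0)
        if name in tried:
            continue
        tried.add(name)
        try:
            der = fetch(ip, port, name)
        except OSError:     # timeout, reset, or a TLS alert such as unrecognized_name
            continue
        found.setdefault(sha256(der).hexdigest(), der)
        for san in sans(der):
            base = san[2:] if san.startswith("*.") else san
            if base not in tried:
                queue.append(base)
    return found
```

A certificate whose names appear in no discovered SAN and in none of your seeds stays invisible, so the seed list should come from your DNS zones or load balancer config rather than from guessing.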


