Suppose there is a PostgreSQL server running and it has SSL enabled. Using "standard" Linux and PostgreSQL tools, how can I examine its SSL certificate?
I'm hoping for output similar to what you would get from running openssl x509 -text .... And I'm hoping for a one- or two-liner command line answer so I don't have to resort to running a packet sniffer.
I do not have access to the PostgreSQL server, so I cannot look at its configuration files directly.
I do not have a superuser login, so I can't get the value of the ssl_cert_file setting and then pg_read_file on it.
Using openssl s_client -connect ... doesn't work because PostgreSQL doesn't seem to want to do the SSL handshake right away.
From a quick look at the psql documentation, I could not find a command-line parameter that makes it show that information on startup. (Though it does show me certain cipher information.)
Best Answer
It looks like OpenSSL's
s_clienttool added Postgres support using the-starttlsin 1.1.1, so you can now use the full power of OpenSSL's command line tools without additional helper scripts:References: