#!/bin/sh
#
# usage: get-cert.sh remote-host [port]
#

export PATH=/usr/local/Cellar/libressl/2.3.6/bin:$PATH

REMHOST=$1
REMPORT=${2:-443}

echo |\
openssl s_client -connect ${REMHOST}:${REMPORT} -servername ${REMHOST} 2>&1 |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/temp.crt
openssl x509 -noout -subject -dates -fingerprint -in /tmp/temp.crt
openssl x509 -in /tmp/temp.crt  -issuer -noout | pcre2grep -o1 -o2 '(issuer=).*CN=(.*)'
openssl x509 -in /tmp/temp.crt -text -noout | grep -A1 "Subject Alternative Name" | sed s/DNS://g | sed s/^\ *//g | tr ',' '\n'
openssl x509 -in /tmp/temp.crt -noout -serial | gawk -F\= '{print "Serial number: ", $2, strtonum("0x"$2)}'
openssl x509 -in /tmp/temp.crt -text | grep "Signature Algorithm:" | tail -1 | xargs


#echo "" | gnutls-cli -p ${REMPORT} ${REMHOST} 2>/dev/null | grep subject | head -1 | sed -e $'s/, /\\\n/g'