Check certificate (OpenSSL)

Inspect certificate chain and TLS handshake for a host:port:

openssl s_client -connect host:443 -showcerts

Useful options:

-servername name — SNI (e.g. for virtual hosts): openssl s_client -connect host:443 -servername host -showcerts
-starttls proto — for SMTP/IMAP etc.: openssl s_client -connect host:587 -starttls smtp -showcerts
Pipe to get only cert(s): openssl s_client -connect host:443 -showcerts </dev/null 2>/dev/null | openssl x509 -noout -dates -subject -issuer