Get SSL Certificate from Server (Site URL) – Export & Download

Someday you may need to get the SSL certificate of a website and save it locally.

For example, you could get an error saying that you can’t clone a Git repository due to a self-signed certificate and to resolve this issue you would need to download the SSL certificate and make it trusted by your Git client.

In this article I show how to export the SSL certificate from a server (site URL) using the Google Chrome, Mozilla Firefox and Internet Explorer browsers, as well as how to get the SSL certificate from the command line using the openssl command.

Export SSL Certificate

Google Chrome

Export the SSL certificate of a website using Google Chrome:

  1. Click the Secure button (a padlock) in the address bar
  2. Click the Show certificate button
  3. Go to the Details tab
  4. Click the Export button
  5. Specify the name of the file you want to save the SSL certificate to, keep the “Base64-encoded ASCII, single certificate” format and click the Save button

Mozilla Firefox

Export the SSL certificate of a website using Mozilla Firefox:

  1. Click the Site Identity button (a padlock) in the address bar
  2. Click the Show connection details arrow
  3. Click the More Information button
  4. Click the View Certificate button
  5. Go to the Details tab
  6. Click the Export button
  7. Specify the name of the file you want to save the SSL certificate to, keep the “X.509 Certificate (PEM)” format and click the Save button

Internet Explorer

Download and save the SSL certificate of a website using Internet Explorer:

  1. Click the Security report button (a padlock) in the address bar
  2. Click the View Certificate button
  3. Go to the Details tab
  4. Click the Copy to File... button
  5. Click the Next button
  6. Select the “Base-64 encoded X.509 (.CER)” format and click the Next button
  7. Specify the name of the file you want to save the SSL certificate to
  8. Click the Next and the Finish buttons


Get the SSL certificate of a website using the openssl command:

$ echo | openssl s_client -servername NAME -connect HOST:PORT |\
  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.crt

Short explanation:

Option               Description
-connect HOST:PORT   The host and port to connect to
-servername NAME     The TLS SNI (Server Name Indication) extension (website)
certificate.crt      Save SSL certificate to this file
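
A certificate saved this way is only as trustworthy as the connection it was fetched over, so its fingerprint should be compared with one obtained out of band before Git is told to trust it. The shell functions below are an added example, not part of the original article; they assume GNU `base64` and `sha256sum`, and the function names, the `EXPECTED_PIN` variable and the Git configuration step in the closing comment are illustrative.

```shell
#!/bin/sh
# Added example: verify a downloaded certificate against a pin before use.

# Keep only the first PEM block (the server's own certificate) from
# `openssl s_client` output on stdin. A stray END line is ignored.
pem_first_cert() {
  awk '/-BEGIN CERTIFICATE-/ { keep = 1 }
       keep                  { print }
       /-END CERTIFICATE-/   { if (keep) exit }'
}

# Print the SHA-256 of the DER bytes of the first certificate in file $1
# as lowercase hex; fail if the file holds no certificate.
# `openssl x509 -noout -fingerprint -sha256` shows the same digest with colons.
pem_sha256() {
  body=$(pem_first_cert < "$1" | grep -v '^-----') || return 1
  printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Succeed only if file $1 matches pin $2 (hex, colons and case optional).
pin_matches() {
  want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
  [ "${#want}" -eq 64 ] && [ "$(pem_sha256 "$1")" = "$want" ]
}

# Constructed stand-in for s_client output. The PEM body is placeholder
# bytes, not a real certificate, so the functions can be tried offline.
sample_s_client_output() {
  printf '%s\n' 'CONNECTED(00000003)' '---' 'Certificate chain'
  printf '%s\n' '-----BEGIN CERTIFICATE-----'
  printf 'constructed sample bytes, not a real certificate' | base64
  printf '%s\n' '-----END CERTIFICATE-----' '---' 'Server certificate'
}

# Offline demo on the constructed sample.
tmp=$(mktemp)
sample_s_client_output | pem_first_cert > "$tmp"
echo "sha256 of sample: $(pem_sha256 "$tmp")"
rm -f "$tmp"

# Against a real server (NAME, HOST, PORT and EXPECTED_PIN are yours; get the
# pin from the server's administrator, not over the connection being checked):
#   echo | openssl s_client -servername NAME -connect HOST:PORT 2>/dev/null |
#     pem_first_cert > certificate.crt
#   pin_matches certificate.crt "$EXPECTED_PIN" &&
#     git config --global "http.https://HOST/.sslCAInfo" "$PWD/certificate.crt"
```

Scoping `sslCAInfo` to the one server's URL keeps Git's normal CA bundle in force for every other HTTPS remote.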



13 Replies to “Get SSL Certificate from Server (Site URL) – Export & Download”

  1. I’m a bit confused. Not only is Base64 not the default, but also, while some sources agree that Base64 is to be used, other sources advise to use DER instead. If I export and install both formats, will Java automatically pick the correct one over the broken one?

    1. As always, it depends on your Java and its current conventions.

      I guess I’m just here to remind that either way it’s likely good to plan for something more robust to keep things from breaking.

  2. Very useful

  3. EHX, yes, Base64 is not the default and the guide is not updated (Chrome). I solved it by just saving the certificate (checking the Base64 option) to an existing local file, then used it in my certificate-pinning implementation (Android and Kotlin, but the concept is the same in Java).

  4. In Chrome on a Mac, there is no longer an option to export the certificate. However, you may drag it to a Finder window.

  5. If I use $ echo | openssl s_client -servername -connect |\
    sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > certificate.crt
    In OS X High Sierra I got “sed command not found”. Although I’m pretty sure I have it installed, as if I run just “sed” it is listed there.

    1. Were you able to fix it?

  6. old: …:443 |\ sed …
    new: …:443 | sed …

    new error:
    “verify error:num=20:unable to get local issuer certificate”

  7. I can’t use Google search in ANY browser and I tried almost every possible “solution” on the internet…
    This is the problem…

    Issuer: DigiCert Global Root G1A
    Expires on: 1 ene. 2031
    Current date: 13 feb. 2021
    PEM encoded chain:
    -----END CERTIFICATE-----
    -----END CERTIFICATE-----

    I know the problem is the certificate, any ideas?

    1. Hello, the solution for you is:
      echo | openssl s_client -connect | openssl x509 -keyform DER -out

  8. Thx! This is very useful. But downloading via browser is a bit confusing. The UI might have changed since the time of this writing. So I just use the shell command.

  9. Hi. I’m using the SSL Labs online tool to get the pin of the leaf certificate, but it seems to expire every 6 months.
    I don’t want to update the Android app.
    Is there a way to not update every 6 months?
    I’m a little confused that I must use Linux for that.

  10. Awesome tutorial for beginners. Helped me.
