1. 1
  1.  

  2. 2

    If we’re talking fetching SSL/TLS certificates in general, one could simply “openssl s_client -connect host:port” No point in installing an npm package just for that.
    To save just the certificate into a file: openssl s_client -connect host:port | openssl x509 [-text] > myfile.pem
    Of course, if this is targeted at Node.js developers, then I’d have altered the title to reflect that, “Retrieve the public TLS certificate in x509 format from a distant host in Node.js

    % openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 9018882575595640890 (0x7d2981eb1d56983a)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
            Validity
                Not Before: Nov  4 18:13:15 2015 GMT
                Not After : Feb  2 00:00:00 2016 GMT
            Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:be:ab:cb:37:55:7e:18:a1:06:b4:fb:de:4e:ac:
                        70:d4:5c:d3:ae:56:ec:82:1f:1d:c6:5b:79:33:64:
                        12:5d:04:3a:62:32:91:92:e4:28:68:ed:ba:92:9d:
                        83:3c:1c:3c:d1:59:a7:21:0c:15:a0:64:7c:1d:14:
                        13:7a:d7:e4:8b:d5:cc:75:79:65:d2:53:e5:e2:7a:
                        5f:8f:44:cc:eb:83:76:e8:e2:6e:28:b7:b6:c7:41:
                        4b:0a:fe:d2:a9:eb:c0:ed:b5:29:2e:64:7c:b8:38:
                        97:1e:7b:e2:2d:d1:fe:81:aa:87:fc:3e:45:62:8f:
                        40:f3:7a:f4:e2:69:13:f3:f5:7d:91:f5:c2:8d:9b:
                        80:ff:98:b7:3b:85:07:09:bd:9a:3b:6e:48:c5:50:
                        ec:1b:34:0f:fe:c1:51:25:b3:7b:a4:69:4b:c6:1e:
                        50:ff:d2:3e:c1:8c:44:15:33:da:8c:f1:10:d3:4d:
                        84:2b:50:ec:97:7f:7c:eb:fe:04:8d:2f:cf:47:50:
                        c4:38:cd:5a:b7:76:4e:76:c7:dc:20:d2:f0:cc:d5:
                        66:90:08:1d:73:13:dc:e2:55:c4:8e:a7:37:aa:e5:
                        a5:d4:cb:a8:1b:82:8f:9e:a0:0f:2d:6b:9d:f5:30:
                        74:a4:6b:5b:a1:e8:66:95:30:eb:2f:cc:ec:29:bd:
                        84:93
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Extended Key Usage: 
                    TLS Web Server Authentication, TLS Web Client Authentication
                X509v3 Subject Alternative Name: 
                    DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, DNS:*.google-analytics.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleadapis.com, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com, DNS:*.gstatic.cn, DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.gvt2.com, DNS:*.metric.gstatic.com, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.ytimg.com, DNS:android.clients.google.com, DNS:android.com, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:urchin.com, DNS:youtu.be, DNS:youtube.com, DNS:youtubeeducation.com
                Authority Information Access: 
                    CA Issuers - URI:http://pki.google.com/GIAG2.crt
                    OCSP - URI:http://clients1.google.com/ocsp
    
                X509v3 Subject Key Identifier: 
                    40:4B:30:8E:C9:25:C6:EF:14:A2:1A:E4:62:32:D8:BF:48:F1:40:6B
                X509v3 Basic Constraints: critical
                    CA:FALSE
                X509v3 Authority Key Identifier: 
                    keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
    
                X509v3 Certificate Policies: 
                    Policy: 1.3.6.1.4.1.11129.2.5.1
                    Policy: 2.23.140.1.2.2
    
                X509v3 CRL Distribution Points: 
    
                    Full Name:
                      URI:http://pki.google.com/GIAG2.crl
    
        Signature Algorithm: sha256WithRSAEncryption
             28:e3:ae:5e:df:e9:68:ba:8f:7a:17:ba:8f:fc:ff:e9:91:2e:
             2c:8f:c6:b9:82:c1:70:d1:d8:ea:4e:4e:1a:17:3f:d3:bf:1d:
             1d:78:1e:56:9e:c4:ca:cf:20:b9:29:34:05:cb:0c:be:9a:75:
             46:1c:bf:74:81:f9:e7:01:e5:67:38:2e:7a:d8:1b:4e:62:ed:
             3b:55:f4:57:8b:e3:84:97:32:12:08:06:7f:a4:43:5e:4b:ed:
             44:3a:a1:5f:64:9e:28:7d:e9:22:42:3b:b9:9a:56:61:be:75:
             83:fb:3a:bc:26:0f:05:0f:1f:2f:33:c6:0f:7f:c4:4d:28:e9:
             45:00:cb:1c:70:a7:d4:49:e1:74:68:c3:be:2e:50:9e:fa:c7:
             1f:88:d9:f5:e1:31:10:bc:9a:77:af:c3:5e:cc:f9:ab:c9:32:
             69:28:d6:f9:0c:4d:f6:30:6e:b9:7c:61:0c:e8:33:af:a8:6d:
             c2:f0:25:47:47:dd:28:06:4d:5b:c4:15:3d:c9:e8:0c:cc:b7:
             6e:66:c8:10:c6:14:0f:a9:3d:a7:99:f2:c6:61:56:cd:c7:89:
             40:d7:93:be:f1:30:87:97:9a:88:9b:69:cc:a1:e4:d1:3e:66:
             ed:7a:b4:48:ac:85:3d:01:68:7b:03:0c:2f:d8:1a:02:ad:98:
             f7:ef:b4:d4
    -----BEGIN CERTIFICATE-----
    MIIHqTCCBpGgAwIBAgIIfSmB6x1WmDowDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
    BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
    cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUxMTA0MTgxMzE1WhcNMTYwMjAyMDAwMDAw
    WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
    TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n
    b29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqvLN1V+
    GKEGtPveTqxw1FzTrlbsgh8dxlt5M2QSXQQ6YjKRkuQoaO26kp2DPBw80VmnIQwV
    oGR8HRQTetfki9XMdXll0lPl4npfj0TM64N26OJuKLe2x0FLCv7SqevA7bUpLmR8
    uDiXHnviLdH+gaqH/D5FYo9A83r04mkT8/V9kfXCjZuA/5i3O4UHCb2aO25IxVDs
    GzQP/sFRJbN7pGlLxh5Q/9I+wYxEFTPajPEQ002EK1Dsl3986/4EjS/PR1DEOM1a
    t3ZOdsfcINLwzNVmkAgdcxPc4lXEjqc3quWl1MuoG4KPnqAPLWud9TB0pGtboehm
    lTDrL8zsKb2EkwIDAQABo4IEdjCCBHIwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
    AQUFBwMCMIIDQgYDVR0RBIIDOTCCAzWCDCouZ29vZ2xlLmNvbYINKi5hbmRyb2lk
    LmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29nbGUuY29t
    ghYqLmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUu
    Y2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28u
    dWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5j
    b20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2ds
    ZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xl
    LmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdv
    b2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBp
    cy5jb22CDyouZ29vZ2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESou
    Z29vZ2xldmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CCiou
    Z3Z0MS5jb22CCiouZ3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVy
    Y2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5j
    b22CDSoueW91dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CCyoueXRp
    bWcuY29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22C
    BGcuY2+CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2dsZS5jb22C
    Emdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIIeW91dHUuYmWCC3lvdXR1
    YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTBoBggrBgEFBQcBAQRcMFowKwYI
    KwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYB
    BQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYE
    FEBLMI7JJcbvFKIa5GIy2L9I8UBrMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
    St0GFhu89mi1dvWBtrtiGrpagS8wIQYDVR0gBBowGDAMBgorBgEEAdZ5AgUBMAgG
    BmeBDAECAjAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20v
    R0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAo465e3+louo96F7qP/P/pkS4s
    j8a5gsFw0djqTk4aFz/Tvx0deB5WnsTKzyC5KTQFywy+mnVGHL90gfnnAeVnOC56
    2BtOYu07VfRXi+OElzISCAZ/pENeS+1EOqFfZJ4ofekiQju5mlZhvnWD+zq8Jg8F
    Dx8vM8YPf8RNKOlFAMsccKfUSeF0aMO+LlCe+scfiNn14TEQvJp3r8NezPmryTJp
    KNb5DE32MG65fGEM6DOvqG3C8CVHR90oBk1bxBU9yegMzLduZsgQxhQPqT2nmfLG
    YVbNx4lA15O+8TCHl5qIm2nMoeTRPmbterRIrIU9AWh7Awwv2BoCrZj377TU
    -----END CERTIFICATE-----