Retrieves metadata about TLS certificates for servers listening on the local machine. Enables mTLS adoption analysis and cert expiration notifications.
To learn more about queries, check this guide.
SELECT * FROM curl_certificate
WHERE hostname IN (
  SELECT DISTINCT 'localhost:'||port FROM listening_ports
  WHERE protocol=6 AND address!='127.0.0.1' AND address!='::1'
);
function Get-CurlCertificate {
    param(
        [string]$hostname,
        [int]$port
    )
    $tcpClient = $null
    $sslStream = $null
    try {
        $tcpClient = New-Object System.Net.Sockets.TcpClient
        $tcpClient.Connect($hostname, $port)
        $networkStream = $tcpClient.GetStream()
        # Accept any certificate: the goal is to inventory what is served
        # (including self-signed or expired certificates), not to trust the connection.
        $sslStream = New-Object System.Net.Security.SslStream($networkStream, $false, { return $true })
        $sslStream.ReadTimeout = 5000
        $sslStream.WriteTimeout = 5000
        $sslStream.AuthenticateAsClient($hostname)
        $remoteCert = $sslStream.RemoteCertificate
        if ($remoteCert) {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $remoteCert
            [PSCustomObject]@{
                Hostname   = "$hostname`:$port"
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                NotBefore  = $cert.NotBefore
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
            }
        }
        else {
            [PSCustomObject]@{
                Hostname = "$hostname`:$port"
                Error    = "No certificate returned"
            }
        }
    }
    catch {
        # Non-TLS listeners and refused connections end up here
        [PSCustomObject]@{
            Hostname = "$hostname`:$port"
            Error    = "Failed to retrieve certificate - $_"
        }
    }
    finally {
        # Release the stream and socket even when the connection or handshake fails
        if ($sslStream) { $sslStream.Close() }
        if ($tcpClient) { $tcpClient.Close() }
    }
}

# Get distinct TCP listening ports where local address is not 127.0.0.1 or ::1
$ports = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -ne "127.0.0.1" -and $_.LocalAddress -ne "::1" } |
    Select-Object -ExpandProperty LocalPort -Unique

foreach ($port in $ports) {
    # Use "localhost" as the hostname to match the pattern "localhost:port"
    $result = Get-CurlCertificate -hostname "localhost" -port $port
    $result
}
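For the cert expiration notifications mentioned in the description, the records emitted by the PowerShell script above can be classified by remaining validity. This is an added example, not part of the original page or Fleet's code; the function name `Get-CertificateExpiryStatus`, its `-WarnDays` and `-Now` parameters, and the sample records are assumptions made for illustration.

```powershell
# Added example, not Fleet code: function name, parameters and sample rows are assumptions.
function Get-CertificateExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][psobject]$Record,
        [int]$WarnDays = 30,
        [datetime]$Now = (Get-Date)
    )
    process {
        # Rows emitted by the error branches carry Error and no validity dates.
        if ($Record.PSObject.Properties['Error']) {
            return [PSCustomObject]@{
                Hostname = $Record.Hostname; Status = 'NoCertificate'
                DaysLeft = $null; Detail = $Record.Error
            }
        }
        # Whole days until NotAfter; negative once the certificate has expired.
        $daysLeft = [int][math]::Floor(($Record.NotAfter - $Now).TotalDays)
        $status = if ($Record.NotBefore -gt $Now) { 'NotYetValid' }
                  elseif ($Record.NotAfter -le $Now) { 'Expired' }
                  elseif ($daysLeft -lt $WarnDays) { 'ExpiringSoon' }
                  else { 'OK' }
        [PSCustomObject]@{
            Hostname = $Record.Hostname; Status = $status
            DaysLeft = $daysLeft; Detail = $Record.Subject
        }
    }
}

# Constructed sample records (not real scan output), dated relative to a fixed clock.
$now = [datetime]'2025-01-01'
$sample = @(
    [PSCustomObject]@{ Hostname = 'localhost:443'; Subject = 'CN=web.example.test'
        Issuer = 'CN=Example Test CA'; NotBefore = $now.AddDays(-300); NotAfter = $now.AddDays(65) }
    [PSCustomObject]@{ Hostname = 'localhost:8443'; Subject = 'CN=api.example.test'
        Issuer = 'CN=Example Test CA'; NotBefore = $now.AddDays(-353); NotAfter = $now.AddDays(12) }
    [PSCustomObject]@{ Hostname = 'localhost:9443'; Subject = 'CN=old.example.test'
        Issuer = 'CN=old.example.test'; NotBefore = $now.AddDays(-368); NotAfter = $now.AddDays(-3) }
    [PSCustomObject]@{ Hostname = 'localhost:5985'; Error = 'Failed to retrieve certificate - (constructed)' }
)

# Rows without a certificate sort first, then the most urgent expiries.
$sample | Get-CertificateExpiryStatus -Now $now -WarnDays 30 |
    Sort-Object DaysLeft | Format-Table -AutoSize
```

In live use, replace `$sample` with the output of the `foreach` loop above and drop `-Now` so the current time is used.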
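echo "Hostname,Subject,Issuer"
# List distinct listening ports not bound to loopback (macOS netstat prints address.port)
netstat -an | grep LISTEN | grep -v '127.0.0.1' | grep -v '::1' |
  awk '{print $4}' | sed -E 's/.*\.//' | sort -u |
  while read -r port; do
    # Handshake with the local listener and extract the certificate subject and issuer
    cert=$(echo | openssl s_client -connect "localhost:$port" -servername localhost 2>/dev/null |
      openssl x509 -noout -subject -issuer 2>/dev/null)
    subject=$(echo "$cert" | grep '^subject=' | sed 's/subject=//')
    issuer=$(echo "$cert" | grep '^issuer=' | sed 's/issuer=//')
    # Subject and issuer may contain commas, so the output is not strict CSV
    echo "localhost:$port,$subject,$issuer"
  done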
PowerShell commands are currently work in progress, contributions welcome.
Bash commands for macOS are currently work in progress, contributions welcome.