IBM Support

QRadar: How to retrieve a certificate from a server with SNI setting

How To


Server Name Indication (SNI) is an extension to the SSL and TLS protocols that indicates which hostname the client is attempting to connect to at the start of the handshake process. This allows a server to present multiple certificates on the same IP address and port number. It also allows multiple secure (HTTPS) websites to be served from the same IP address and port number without requiring all of those sites to use the same certificate.


This article provides the steps to obtain the certificate from a server with SNI setting.


An example of a service that uses SNI is MaaS360.
Without specifying the server name, the openssl command returns a 'no peer certificate available' error message.
openssl s_client -showcerts -verify 5 -connect [hostname]:[port] < /dev/null
verify depth is 5
140537535166352:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:769:
no peer certificate available
Administrators use the normal openssl command with the addition of the 'servername' option to retrieve the certificate for a specific virtual host from the SNI server:
openssl s_client -connect [hostname]:[port] -servername [hostname] -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > [path_to_certificate_filename]
Administrators are then able to save the details of the certificate.
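
The following is an added example, not part of the original IBM article: a shell function that wraps the command above and, before saving the file, checks that the returned certificate covers the requested name, because a server can answer an unrecognized SNI name with its default certificate. The function name fetch_sni_cert, its variable names and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example. fetch_sni_cert and its exit codes are hypothetical names.
# Usage: fetch_sni_cert HOST PORT SERVERNAME OUTFILE
fetch_sni_cert() {
    fs_host=$1; fs_port=$2; fs_sni=$3; fs_out=$4
    fs_tmp=$(mktemp) || return 1

    # -servername puts the name in the SNI extension of the ClientHello;
    # </dev/null ends the session as soon as the handshake is done.
    openssl s_client -connect "$fs_host:$fs_port" -servername "$fs_sni" \
        -showcerts </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$fs_tmp" 2>/dev/null || true

    # Empty output is the "no peer certificate available" case.
    if [ ! -s "$fs_tmp" ]; then
        echo "no certificate returned for $fs_sni" >&2
        rm -f "$fs_tmp"
        return 2
    fi

    # A server can answer an unknown name with its default certificate,
    # so confirm the certificate covers the name that was requested.
    if ! openssl x509 -in "$fs_tmp" -noout -checkhost "$fs_sni" |
        grep -q 'does match'; then
        echo "certificate does not cover $fs_sni" >&2
        rm -f "$fs_tmp"
        return 3
    fi

    mv "$fs_tmp" "$fs_out"
    # Print what was saved so it can be compared out of band.
    openssl x509 -in "$fs_out" -noout -subject -enddate -fingerprint -sha256
}
```

Exit code 2 means no certificate was returned, and exit code 3 means a certificate was returned but does not match the requested server name; in both cases nothing is written to the output file.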


Document Information

Modified date:
29 June 2023