My new favorite tool for looking at TLS things is certigo
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/InspectingTLSWithCertigo [utcc.utoronto.ca]
2019-05-18 15:57
For a long time I’ve used the OpenSSL command line tools to do things like looking at certificates and chasing certificate chains (although OpenSSL is no longer what you want to use to make self-signed certificates). This works, and is in many ways the canonical and most complete way to do this sort of stuff, but if you’ve ever used the openssl command and its many sub-options you know that it’s kind of a pain in the rear. As a result of this, for some years now I’ve been using Square’s certigo command instead.