diff --git a/Tools/scripts/get-remote-certificate.py b/Tools/scripts/get-remote-certificate.py
index 38901286e19ad1..a37a8bb8204e86 100755
--- a/Tools/scripts/get-remote-certificate.py
+++ b/Tools/scripts/get-remote-certificate.py
@@ -11,12 +11,14 @@
 import sys
 import tempfile
 
+from subprocess import DEVNULL
+
 
 def fetch_server_certificate (host, port):
 
-    def subproc(cmd):
+    def subproc(cmd, stdin=None):
         from subprocess import Popen, PIPE, STDOUT
-        proc = Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True)
+        proc = Popen(cmd, stdout=PIPE, stderr=STDOUT, stdin=stdin)
         status = proc.wait()
         output = proc.stdout.read()
         return status, output
@@ -50,15 +52,14 @@ def strip_to_x509_cert(certfile_contents, outfile=None):
         with open(tfile, "w") as fp:
             fp.write("quit\n")
         try:
-            status, output = subproc(
-                'openssl s_client -connect "%s:%s" -showcerts < "%s"' %
-                (host, port, tfile))
+            cmd = ['openssl', 's_client', '-connect', '%s:%s' % (host, port), '-showcerts']
+            status, output = subproc(cmd, stdin=tfile)
         finally:
             os.unlink(tfile)
     else:
-        status, output = subproc(
-            'openssl s_client -connect "%s:%s" -showcerts < /dev/null' %
-            (host, port))
+        cmd = ['openssl', 's_client', '-connect', '%s:%s' % (host, port), '-showcerts']
+        status, output = subproc(cmd, stdin=DEVNULL)
+        
     if status != 0:
         raise RuntimeError('OpenSSL connect failed with status %s and '
                            'output: %r' % (status, output))