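# bash and Gnu grep assumed
#
# Helper functions for looking at an X.509 certificate file and checking that a
# private key really belongs to it. Meant to be sourced into an interactive
# shell, so nothing here touches global variables or shell options.

#######################################
# Derive the conventional key file name for a certificate (foo.crt -> foo.key).
# Arguments: $1 - certificate file name
# Outputs:   the key name on stdout; nothing if $1 does not end in ".crt"
# Returns:   0 if a name was derived, 1 otherwise
#######################################
_crt_keyname () {
  [[ $1 == *.crt ]] || return 1
  printf '%s\n' "${1%.crt}.key"
}

#######################################
# Print validity period, subject, issuer and DNS subject alternative names of a
# certificate, then (when a matching .key file is present) confirm the key
# belongs to it via chkcrtandkey.
# Arguments: $1 - certificate file (PEM); defaults to the first *crt file in
#                 the current directory
#            $2 - optional private key file, passed through to chkcrtandkey
# Outputs:   human-readable summary on stdout, warnings and errors on stderr
# Returns:   0 on success, 1 if no readable certificate could be found
#######################################
crtinfo () {
  local cert='' key='' text='' name
  local -a certs sans

  # Accept a cert name on the command line, else look for the first *crt file
  # in the current directory.
  if [[ -n ${1:-} ]]; then
    cert=$1
  else
    # Without nullglob an unmatched pattern stays literal and fails the -f
    # test below, which is the "nothing found" path we want.
    certs=(*crt)
    cert=${certs[0]}
    if [[ -n ${certs[1]:-} ]]; then
      printf '\nwarning - only looking at the first certificate found, skipping\n%s and all other certs in the current directory\n\n\n' \
        "${certs[1]}" >&2
    fi
  fi
  if [[ ! -f $cert ]]; then
    printf '%s\n' "no cert file in current directory, or cert on command line doesn't exist" >&2
    return 1
  fi

  # Parse the certificate once and reuse the text for every field below; a
  # file that is not a PEM certificate is reported instead of silently
  # printing an empty summary.
  text=$(openssl x509 -noout -text -in "$cert") || {
    printf 'unable to parse %s as a certificate\n' "$cert" >&2
    return 1
  }

  printf '\n%s\n\n\n' "$cert"
  grep --color=auto -Ei 'before|after|subject:|issuer' <<<"$text"

  printf '\nSubject Alternative Names:\n\n'
  # Only DNS: entries are listed, as before; IP:/email: SANs are not shown.
  mapfile -t sans < <(grep -oE '\bDNS:[^[:space:],]+' <<<"$text" | LC_ALL=C sort)
  for name in "${sans[@]}"; do
    printf '\t%s\n' "${name#DNS:}"
  done

  # If a key with the conventional name sits next to the cert, confirm that it
  # actually matches the cert (an explicit $2 takes precedence).
  if key=$(_crt_keyname "$cert") && [[ -f $key ]]; then
    echo
    chkcrtandkey "$cert" "${2:-$key}"
  fi
}

#######################################
# Check that a private key belongs to a certificate by comparing the public
# key embedded in each.
# Arguments: $1 - certificate file; $2 - private key file. If $2 is missing the
#            key is looked for as foo.key next to foo.crt; if that fails too,
#            the first *crt and *key files in the current directory are used.
# Outputs:   progress and verdict on stdout, errors on stderr. On a mismatch
#            the SHA-512 of each public key is printed so they can be compared
#            by eye. The private key itself is never printed.
# Returns:   0 if the key matches the cert, 1 if no usable pair was found, the
#            public keys could not be read, or they differ
#######################################
chkcrtandkey () {
  local cert='' key='' certpub='' keypub=''
  local -a certs keys

  if [[ -n ${1:-} && -f $1 ]]; then
    cert=$1
  fi
  if [[ -n ${2:-} && -f $2 ]]; then
    key=$2
  elif [[ -n $cert ]] && key=$(_crt_keyname "$cert") && [[ ! -f $key ]]; then
    key=''
  fi

  # If that fails, see if a cert and key file can be found in the current
  # directory (unmatched globs stay literal and fail the -f test).
  if [[ ! -f $cert || ! -f $key ]]; then
    certs=(*crt)
    cert=${certs[0]}
    keys=(*key)
    key=${keys[0]}
  fi
  if [[ ! -f $cert || ! -f $key ]]; then
    printf '%s\n' "can't find matching cert and key in current directory" >&2
    return 1
  fi

  printf 'checking that %s and %s match: ' "$cert" "$key"

  # Compare the full SubjectPublicKeyInfo rather than an RSA modulus: this also
  # works for EC keys, and a failed openssl call is caught below instead of
  # two empty outputs comparing equal and reporting a false "OK!".
  certpub=$(openssl x509 -noout -pubkey -in "$cert")
  keypub=$(openssl pkey -pubout -in "$key")
  if [[ -z $certpub || -z $keypub ]]; then
    printf '\nunable to read the public key from %s or %s\n' "$cert" "$key" >&2
    return 1
  fi

  if [[ $certpub == "$keypub" ]]; then
    echo "OK!"
    return 0
  fi
  printf '\n\n WARNING\n WARNING\n\n%s and %s DO NOT MATCH\n\n\n' "$cert" "$key" >&2
  sha512sum <<<"$certpub"
  sha512sum <<<"$keypub"
  return 1
}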