Created
May 14, 2021 15:35
danpritts created this gist
@@ -0,0 +1,77 @@ # bash and Gnu grep assumed crtinfo () { # accept command line cert name, or look for first *crt file in current directory if [[ -n $1 ]] ; then CERT=$1 else CERTARRAY=(*crt) CERT=${CERTARRAY[0]} if [[ -n ${CERTARRAY[1]} ]] ;then echo -e "\nwarning - only looking at the first certificate found, skipping\n${CERTARRAY[1]} and all other certs in the current directory\n\n"; fi fi if [[ ! -f $CERT ]]; then echo "no cert file in current directory, or cert on command line doesxn't exist" return 1 fi echo -e "\n$CERT\n\n" openssl x509 -noout -text < $CERT | grep --color=auto -Pi 'before|after|subject:|issuer' echo -e "\nSubject Alternative Names:\n" openssl x509 -noout -text < $CERT | perl -l -0777 -ne '@names=/\bDNS:([^\s,]+)/g; print ("\t",join("\n\t", sort @names));' key=$(echo $CERT | perl -pe 's{\.crt$}{.key}') # helper function to confirm that the key in this directory matches the cert if [[ -f $key ]] ; then echo chkcrtandkey $1 $2 fi } function chkcrtandkey () { # accept 2 args, cert and key, or attempt to find .key matching argument 1 if [[ -f $2 ]]; then CERT=$1 KEY=$2 elif [[ -f $1 ]]; then CERT=$1 TMPKEY=$(echo $CERT | perl -pe 's{.crt}{.key}') if [[ -f $TMPKEY ]]; then KEY=$TMPKEY fi fi # if that fails, see if you can find a matching key and cert file in current directory if [[ ! -f $CERT ]] || [[ ! -f $KEY ]]; then CERTARRAY=(*crt) CERT=${CERTARRAY[0]} KEYARRAY=(*key) KEY=${KEYARRAY[0]} fi if [[ ! -f $CERT ]] || [[ ! -f $KEY ]]; then echo "can't find matching cert and key in current directory" return 1 fi # if the moduli match, then the key goes with the cert. echo -n "checking that $CERT and $KEY match: " CERTMODSUM=$(openssl x509 -noout -modulus -in $CERT | sha512sum) KEYMODSUM=$(openssl rsa -noout -modulus -in $KEY | sha512sum) if [[ $CERTMODSUM = $KEYMODSUM ]]; then echo "OK!" return 0 else echo -e "\n\n WARNING\n WARNING\n\n$CERT and $KEY DO NOT MATCH\n\n" echo $CERTMODSUM echo $KEYMODSUM return 1 fi }
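Review bot: In chkcrtandkey the verdict is computed from `$(openssl ... | sha512sum)`, so the exit status of openssl is discarded and a run that prints nothing to stdout (an unreadable file, an encrypted key with no passphrase, a file that is not a PEM RSA cert or key) contributes the sha512sum of empty input; when that happens on both sides the two sums are identical and the function prints `OK!` although nothing was compared, so capture each modulus with its exit status and reject empty output before comparing (rewritten lines below). CERT, KEY, TMPKEY and the two arrays are never declared `local`, so when these functions are sourced into an interactive shell a stale `$KEY` from an earlier call survives the `elif` branch (which sets only CERT) and the `[[ ! -f $KEY ]]` guard, and the new cert is silently checked against the old key; add `local CERT KEY TMPKEY CERTARRAY KEYARRAY` at the top of chkcrtandkey and the equivalent in crtinfo. The key-name substitution is `s{\.crt$}{.key}` in crtinfo but `s{.crt}{.key}` in chkcrtandkey, where the unescaped dot matches any character and the pattern is unanchored (`mycrt.crt` becomes `m.key.crt`); use the anchored form or `${CERT%.crt}.key` and drop the perl call. `$CERT` and `$KEY` are unquoted in every `<` redirection and `-in` argument, so paths containing spaces or glob characters break; quote them. Both functions are complete within the hunk.
```shell
# … unchanged: argument handling and *crt/*key fallback …
echo -n "checking that $CERT and $KEY match: "
CERTMOD=$(openssl x509 -noout -modulus -in "$CERT") || { echo "cannot read modulus from $CERT" >&2; return 1; }
KEYMOD=$(openssl rsa -noout -modulus -in "$KEY") || { echo "cannot read modulus from $KEY" >&2; return 1; }
if [[ -z $CERTMOD || -z $KEYMOD ]]; then
  echo "empty modulus output - an RSA cert and key are expected" >&2
  return 1
fi
if [[ $CERTMOD = $KEYMOD ]]; then
  echo "OK!"
  return 0
else
  echo -e "\n\n WARNING\n WARNING\n\n$CERT and $KEY DO NOT MATCH\n\n"
  return 1
fi
```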