Created
November 11, 2021 08:43
-
-
Save thomasschuiki/aa3464a26dc061ed3335225498601ee0 to your computer and use it in GitHub Desktop.
Handy openssl commands
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # verify certificate of target host | |
| openssl s_client -verify 2 -connect dc1.myco.com:636 | |
| # convert certificate file | |
| openssl x509 -inform der -in ca.example.com.cer -out ca.example.com.pem | |
| # on debian based systems, reload ca-certificates | |
| update-ca-certificates | |
| c_rehash | |
| # check certificate expiry in the next 24h | |
| if openssl x509 -checkend 86400 -noout -in file.pem | |
| then | |
| echo "Certificate is good for another day!" | |
| else | |
| echo "Certificate has expired or will do so within 24 hours!" | |
| echo "(or is invalid/not found)" | |
| fi | |
| # check if certificate has expired | |
| openssl x509 -checkend 0 -in file.pem | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment