1
# List certificate files (.crt/.pem/.cer) under the system PKI directories
# whose path contains "standard" (case-insensitive).
# 2>/dev/null hides find's error messages. The grep filters on the path text
# only, so a certificate stored under an unrelated file name is not reported.
sudo find /etc/pki /usr/share/pki -type f \
  \( -name '*.crt' -o -name '*.pem' -o -name '*.cer' \) 2>/dev/null \
  | grep -i 'standard'
2.
# Print the identifying fields of one certificate file: subject, issuer,
# serial number, SHA-256 fingerprint and expiry date (-noout suppresses the
# PEM dump). /path/to/standardID.crt is a placeholder for the file found above.
openssl x509 -noout \
  -in /path/to/standardID.crt \
  -subject -issuer -serial -fingerprint -sha256 -enddate
-
New ##
1
# Show the certificates server01 sends during the TLS handshake on port 443
# (-showcerts). Piping a single newline gives s_client an immediate end of
# input so it exits instead of waiting; 2>/dev/null drops stderr.
# By default s_client continues even when chain verification fails, so this
# output shows what the server presents, not whether it is trusted.
printf '\n' \
  | openssl s_client -showcerts -connect server01:443 -servername server01 2>/dev/null
2 check issuer / subject
# Same handshake as above, piped into `openssl x509` to print subject, issuer,
# SHA-256 fingerprint and expiry date.
# x509 parses the first certificate in the stream (the server's own
# certificate), so intermediates sent by the server appear only through the
# issuer field of that certificate.
printf '\n' \
  | openssl s_client -showcerts -connect server01:443 -servername server01 2>/dev/null \
  | openssl x509 -noout -subject -issuer -fingerprint -sha256 -enddate
3. Put the hosts to check in servers.txt, one per line, and run this script:
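#!/bin/bash
# Batch TLS certificate check.
#
# Reads host names (one per line) from servers.txt, retrieves the certificate
# each host presents on PORT, and writes one CSV row per host to a timestamped
# report. STATUS is one of:
#   FOUND                        - "standard" (case-insensitive) appears in the
#                                  certificate's subject/issuer/fingerprint/enddate text
#   NOT_FOUND                    - a certificate was returned without that text
#   NO_TLS_OR_CONNECTION_FAILED  - nothing could be parsed within 10 seconds
#
# The match is a substring heuristic on the printed fields. For a definite
# answer compare the "Fingerprint" value in DETAIL with the fingerprint of the
# expected certificate. s_client is used here only to fetch the certificate;
# a row in the report does not mean the chain validated.
PORT=443
HOSTLIST="servers.txt"
OUTPUT="standardid_port_check_$(date +%F_%H%M).csv"

# Host entries may contain only these characters (names, IPv4, bracketed IPv6).
# Anything else is skipped so that a stray quote, comma or shell metacharacter
# in the host list can neither break the CSV nor reach a shell.
VALID_HOST_RE='^[][A-Za-z0-9._:-]+$'

if [ ! -r "$HOSTLIST" ]; then
  echo "Cannot read host list: $HOSTLIST" >&2
  exit 1
fi

echo "HOST,PORT,STATUS,DETAIL" > "$OUTPUT"

# `|| [ -n "$HOST" ]` keeps the last entry when the file has no trailing newline.
while read -r HOST || [ -n "$HOST" ]
do
  # Tolerate host lists saved with Windows (CRLF) line endings.
  HOST=${HOST%$'\r'}
  [ -z "$HOST" ] && continue

  if [[ ! "$HOST" =~ $VALID_HOST_RE ]]; then
    printf 'Skipping invalid host entry: %q\n' "$HOST" >&2
    continue
  fi

  echo "Checking $HOST:$PORT ..."

  # timeout needs a single command, hence the inner bash -c. The inner script
  # is a fixed single-quoted string; host and port are passed as positional
  # parameters ($1, $2) instead of being pasted into the command text, so the
  # contents of the host list are never interpreted as shell code.
  CERT_INFO=$(timeout 10 bash -c '
    echo | openssl s_client -connect "$1:$2" -servername "$1" -showcerts 2>/dev/null \
      | openssl x509 -noout -subject -issuer -fingerprint -sha256 -enddate 2>/dev/null
  ' _ "$HOST" "$PORT")

  if [ -z "$CERT_INFO" ]; then
    echo "$HOST,$PORT,NO_TLS_OR_CONNECTION_FAILED,\"No certificate returned on this port\"" >> "$OUTPUT"
    continue
  fi

  if grep -iq "standard" <<<"$CERT_INFO"; then
    STATUS="FOUND"
  else
    STATUS="NOT_FOUND"
  fi

  # Flatten the multi-line openssl output to one line and double any embedded
  # quotes so the value stays a single quoted CSV field.
  DETAIL=$(printf '%s\n' "$CERT_INFO" | tr '\n' ' ' | sed 's/"/""/g')
  echo "$HOST,$PORT,$STATUS,\"$DETAIL\"" >> "$OUTPUT"
done < "$HOSTLIST"

echo "Report generated: $OUTPUT"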
#
# Print the SHA-256 fingerprint of the locally installed trust anchor; this is
# the value to compare against the fingerprints collected from the servers.
openssl x509 -noout -fingerprint -sha256 \
  -in /etc/pki/ca-trust/source/anchors/standardID.crt

# Look for other copies: certificate files under the system PKI directories
# whose path contains "standard" (case-insensitive). Only the path is matched,
# not the certificate contents; find's error messages are discarded.
sudo find /etc/pki /usr/share/pki -type f \
  \( -name '*.crt' -o -name '*.pem' -o -name '*.cer' \) 2>/dev/null \
  | grep -i 'standard'




