23 lines
884 B
Bash
23 lines
884 B
Bash
|
#!/bin/sh
|
||
|
|
#
|
||
|
|
# usage: get-cert.sh remote-host [port]
|
||
|
|
#
|
||
|
|
|
||
|
|
export PATH=/usr/local/Cellar/libressl/2.3.6/bin:$PATH
|
||
|
|
|
||
|
|
REMHOST=$1
|
||
|
|
REMPORT=${2:-443}
|
||
|
|
|
||
|
|
echo |\
|
||
|
|
openssl s_client -connect ${REMHOST}:${REMPORT} -servername ${REMHOST} 2>&1 |\
|
||
|
|
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/temp.crt
|
||
|
|
openssl x509 -noout -subject -dates -fingerprint -in /tmp/temp.crt
|
||
|
|
openssl x509 -in /tmp/temp.crt -issuer -noout | pcre2grep -o1 -o2 '(issuer=).*CN=(.*)'
|
||
|
|
openssl x509 -in /tmp/temp.crt -text -noout | grep -A1 "Subject Alternative Name" | sed s/DNS://g | sed s/^\ *//g | tr ',' '\n'
|
||
|
|
openssl x509 -in /tmp/temp.crt -noout -serial | gawk -F\= '{print "Serial number: ", $2, strtonum("0x"$2)}'
|
||
|
|
openssl x509 -in /tmp/temp.crt -text | grep "Signature Algorithm:" | tail -1 | xargs
|
||
|
|
|
||
|
|
|
||
|
|
#echo "" | gnutls-cli -p ${REMPORT} ${REMHOST} 2>/dev/null | grep subject | head -1 | sed -e $'s/, /\\\n/g'
|
||
|
|
|