ssl


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

#!/bin/bash
#
# SSL wrapper scripts
#
# This code is licensed under a Creative Commons License.
# http://creativecommons.org/licenses/by-nc-sa/3.0/
#

#
# show usage
#
function usage {
  echo "SSL wrapper scripts"
  echo "Based on http://www.madboa.com/geek/openssl/"
}

#
# usage: ssl retrieve remote.host.name [port]
#        ssl retrieve remote.host.name [port] -starttls smtp
#
function retrieve {
  REMHOST=$1
  REMPORT=${2:-443}

  shift 2
  OPTS="$*"

  echo | \
  openssl s_client -connect ${REMHOST}:${REMPORT} $OPTS 2>&1 | \
  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

#
# usage: fingerprint cert
#
function fingerprint {
  openssl x509 -noout -in $1 -fingerprint
  openssl x509 -noout -in $1 -fingerprint -md5
  openssl x509 -noout -in $1 -fingerprint -sha256
}

# Parse option
COMMAND="$1"
shift

if [ "$COMMAND" == "retrieve" ]; then
  retrieve $*
elif [ "$COMMAND" == "info" ]; then
  openssl x509 -noout -in $1 -text
elif [ "$COMMAND" == "verify" ]; then
  openssl verify $*
elif [ "$COMMAND" == "fingerprint" ] || [ "$COMMAND" == "finger" ]; then
  fingerprint $*
else
  usage
fi