...

printservercerts.sh:

#!/bin/bash
# For every realm that was probed, take the last certificate out of the PEM
# bundle the probe received, decode it with openssl, and keep the text form
# next to the bundle (tee also echoes it to stdout for further processing).
for REALM in $(cat probe_identities.txt); do
        if [ -s "RUN/$REALM/certs/incoming.pem" ]; then
                # tac | grep -B 1000 -m 1 | tac isolates the last "BEGIN CERTIFICATE"
                # block of the file; the window assumes no single cert spans more than 1000 lines.
                tac "RUN/$REALM/certs/incoming.pem" | grep -B 1000 -m 1 "BEGIN CERTIFICATE" | tac | openssl x509 -noout -text | tee "RUN/$REALM/certs/servercert.txt"
        fi
done

Here is one concrete application: for all the certs received, print the Subject and whether or not the cert contains a subjectAltName. If it does not, the server name is stored only in the CN, which was of interest at one point for API usage of geteduroam on Android.

CN-SAN-eval.sh:

#!/bin/bash
# Collect the Subject line and, where present, the subjectAltName line of every
# server certificate decoded by printservercerts.sh.
./printservercerts.sh 2>/dev/null | grep -E '(Subject:|X509v3 Subject Alternative Name:)' 2>/dev/null > namelist.txt
# Report every realm whose decoded server certificate carries no subjectAltName.
for REALM in $(cat probe_identities.txt); do
        if [ -f "RUN/$REALM/certs/servercert.txt" ]; then
                grep 'X509v3 Subject Alternative Name:' "RUN/$REALM/certs/servercert.txt" >/dev/null 2>&1 \
                        || echo "Server Certificate of realm $REALM does not have sAN."
        fi
done
echo -n "Total number of certificate Subjects seen: "
grep -c Subject: namelist.txt
echo -n "Total number of certificates with subjectAltNames seen: "
grep -c X509v3 namelist.txt
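As an added, self-contained example (not from the original page or the probe tooling), the same last-certificate extraction and CN-versus-SAN classification run against throwaway self-signed certificates generated with openssl; the realm names, the temporary file layout and the awk-based extraction are assumptions made for this demo.

```shell
#!/bin/bash
# Added example, not part of the original page: builds two self-signed test
# certificates (one with a subjectAltName, one with the name only in the CN),
# then classifies them the way CN-SAN-eval.sh does. All names and paths below
# are constructed for the demo; the probe's RUN/$REALM/certs layout is not used.

WORK=$(mktemp -d)

# make_cert NAME WITH_SAN: write a throwaway self-signed cert to $WORK/NAME.pem.
# $ext is left unquoted on purpose so it expands to two words or to nothing.
make_cert() {
    ext=""
    [ "$2" = yes ] && ext="-addext subjectAltName=DNS:$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" $ext \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# last_cert FILE: print the last PEM certificate in FILE. Same idea as the
# tac | grep -B 1000 -m 1 | tac pipeline, but without the 1000-line window.
last_cert() {
    awk '/BEGIN CERTIFICATE/ { buf = "" } { buf = buf $0 "\n" } END { printf "%s", buf }' "$1"
}

# san_status FILE: prints "san" or "cn-only" for the last certificate in FILE,
# using the same -text/grep test as CN-SAN-eval.sh.
san_status() {
    if last_cert "$1" | openssl x509 -noout -text 2>/dev/null \
            | grep -q 'X509v3 Subject Alternative Name:'; then
        echo san
    else
        echo cn-only
    fi
}

# Demo run: a SAN cert, a CN-only cert, and a bundle whose last cert is the CN-only one.
make_cert radius-san.example.org yes
make_cert radius-cn.example.org no
cat "$WORK/radius-san.example.org.pem" "$WORK/radius-cn.example.org.pem" > "$WORK/chain.pem"
for f in radius-san.example.org radius-cn.example.org chain; do
    echo "$f.pem: $(san_status "$WORK/$f.pem")"
done
```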

...