MelindaShore/ocspchecker

## ocspchecker
#!/bin/bash

if [ "$#" -ne 1 ]; then
    echo Usage: $0 servername
    exit 1
fi

servername=$1
cert=$servername.pem
openssl s_client -connect $servername:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' >$cert

responder=`openssl x509 -ocsp_uri -in $cert -noout`
cakey=`openssl x509 -text -in $cert | grep "CA Issuers" | sed 's/^.*URI://'`
curl -s $cakey >`basename $cakey`
capem=`basename -s .der $cakey`.pem
openssl x509 -inform DER -outform PEM -in `basename $cakey` -out $capem

openssl ocsp -no_nonce -issuer $capem -cert $cert -url $responder -header HOST `echo $responder|sed -e 's;http://;;' -e 's;/.*$;;'` 2>/dev/null
	#!/bin/bash

	if [ "$#" -ne 1 ]; then
	echo Usage: $0 servername
	exit 1
	fi

	servername=$1
	cert=$servername.pem
	openssl s_client -connect $servername:443 2>&1 < /dev/null \| sed -n '/-----BEGIN/,/-----END/p' >$cert

	responder=`openssl x509 -ocsp_uri -in $cert -noout`
	cakey=`openssl x509 -text -in $cert \| grep "CA Issuers" \| sed 's/^.*URI://'`
	curl -s $cakey >`basename $cakey`
	capem=`basename -s .der $cakey`.pem
	openssl x509 -inform DER -outform PEM -in `basename $cakey` -out $capem

	openssl ocsp -no_nonce -issuer $capem -cert $cert -url $responder -header HOST `echo $responder\|sed -e 's;http://;;' -e 's;/.*$;;'` 2>/dev/null