Check if key matches certificate
# Print a digest of the RSA modulus of the certificate, then of the private
# key. Equal digests mean both files carry the same modulus, i.e. the key
# belongs to the certificate.
# MD5 is only a short fingerprint for comparing two values by eye here; it is
# not acting as a security control. The modulus comparison is RSA-specific.
openssl x509 -in cfg/certs/ca.crt -noout -modulus | openssl md5
openssl rsa -in cfg/certs/ca.key -noout -modulus | openssl md5
Export all entries of a trust store to PEM format
# Step 1: convert the trust store "cacerts" to PKCS#12. The piped value
# answers keytool's prompt for the source keystore password; -storepass sets
# the password of the new cacerts.p12. "changeit" is the stock Java trust-store
# password, so it offers no confidentiality.
printf '%s' changeit \
  | keytool -importkeystore \
      -srckeystore cacerts \
      -destkeystore cacerts.p12 \
      -deststoretype PKCS12 \
      -storepass changeit

# Step 2: dump every entry of the PKCS#12 file as PEM.
openssl pkcs12 -passin pass:changeit -in cacerts.p12 -out cacerts.pem
Export private key and cert from JKS
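# Split the Java keystore <domain>.jks into a PEM certificate (<domain>.pem)
# and a PEM private key (<domain>.key), via an intermediate PKCS#12 file.
domain=sdgeosbd.sempra.com

# JKS -> PKCS#12. The piped value answers keytool's prompt for the source
# keystore password; -storepass sets the password of the new .p12.
# File names are built as "${domain}.ext" with no space, so each is passed to
# the tool as a single argument.
echo -n changeit | keytool -importkeystore -srckeystore "${domain}.jks" \
  -destkeystore "${domain}.p12" -deststoretype PKCS12 -storepass changeit

# Certificates only (-nokeys).
openssl pkcs12 -in "${domain}.p12" -nokeys -out "${domain}.pem" -passin pass:changeit

# Private key only (-nocerts). -nodes writes the key UNENCRYPTED, so the file
# is created under umask 077 (owner-only); the subshell keeps the umask change
# from leaking into the calling shell. An already existing .key file keeps its
# old permissions, so check those separately.
# NOTE: "-passin pass:..." places the password in the process arguments, where
# other local users can read it; for a real secret use openssl's env:VAR or
# file:PATH password sources instead.
# NOTE: the intermediate .p12 also contains the private key; remove it once
# the export is done.
(
  umask 077
  openssl pkcs12 -in "${domain}.p12" -nodes -nocerts -out "${domain}.key" -passin pass:changeit
)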
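# For every <host>.jks in the current directory, print the validity window
# (notBefore / notAfter) of the certificate currently served at <host>:443.
# Only the dates are read: s_client is not asked to verify the chain or the
# host name here, so this is an expiry check, not a trust check.
for i in *.jks; do
  # An unmatched glob stays as the literal "*.jks"; skip it.
  [ -e "$i" ] || continue

  # Derive the host name by stripping the extension with parameter expansion.
  # Pasting the file name into an inline Python program would let a crafted
  # file name (for example one containing a quote) change the code that runs.
  domain=${i%.jks}
  printf '%s\n' "$domain"

  # -servername sends the host name as SNI so that a server hosting several
  # sites returns the certificate for this name. "echo |" closes stdin so that
  # s_client exits after the handshake.
  echo | openssl s_client -connect "${domain}:443" -servername "$domain" 2>/dev/null \
    | openssl x509 -noout -dates
done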
Check Certificate validity
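# Print notBefore / notAfter of the certificate served at $domain:443.
# $domain must already be set by the caller. Only the dates are read; chain
# and host-name verification are not part of this check.
printf '%s\n' "$domain"
# -servername sends the host name as SNI; "echo |" closes stdin so that
# s_client exits after the handshake.
echo | openssl s_client -connect "${domain}:443" -servername "$domain" 2>/dev/null \
  | openssl x509 -noout -dates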
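#######################################
# Create a self-signed RSA-4096 certificate and private key for a nip.io name.
# Arguments:
#   $1 - application name; used for the output file names and as CN prefix
#   $2 - IP address, embedded in the nip.io name and added as an IP SAN
# Outputs:
#   <app>.key (unencrypted private key) and <app>.crt in the current directory
# Returns:
#   2 when an argument is missing, otherwise the status of openssl / chmod
#######################################
self_signed_cert() {
  local app_domain=${1:-}
  local ip=${2:-}

  if [[ -z "$app_domain" || -z "$ip" ]]; then
    printf 'usage: self_signed_cert <app_name> <ip>\n' >&2
    return 2
  fi

  # The openssl config is generated on the fly: a minimal [req] section plus a
  # [san] section holding a wildcard DNS name for the nip.io zone and the IP.
  # -nodes leaves the private key unencrypted and -days 3650 gives a ten-year
  # lifetime, so treat the result as a lab/test credential.
  openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
    -keyout "${app_domain}.key" -out "${app_domain}.crt" \
    -extensions san \
    -config <(printf '%s\n' \
      '[req]' \
      'distinguished_name=req' \
      '[san]' \
      "subjectAltName=DNS:*.${ip}.nip.io,IP:${ip}") \
    -subj "/CN=${app_domain}.${ip}.nip.io" || return

  # The key is stored in the clear, so restrict it to the owner.
  chmod 600 -- "${app_domain}.key"
}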