Created
March 8, 2023 17:14
OCSP certificate test
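#!/bin/bash
# Checks the OCSP status of the certificate presented by each listed server.
#
# For every host:port the script fetches the leaf certificate, reads the OCSP
# responder URL from it, fetches the chain the server sends, and asks the
# responder about the leaf using the first chain certificate as issuer.
#
# Scratch files (main.pem, chain.pem, cert*.pem, chain2.pem) are written to
# the current directory and left there for inspection.
#
# NOTE(review): the issuer chain and the responder URL both come from the
# server under test, and s_client is not asked to fail on verification
# errors, so treat the output as a diagnostic rather than a trust decision.
# Pinning a local CA bundle for the OCSP check would tighten this.

# Unmatched globs expand to nothing, so a missing intermediate is detectable.
shopt -s nullglob

for server in akamai.com:443 wikipedia.org:443 google.com:443; do
  echo "Testing server: $server"

  # Remove split output left by the previous iteration; otherwise a shorter
  # chain would silently reuse another site's intermediates as the issuer.
  rm -f -- cert.pem cert[1-5].pem chain2.pem

  # Get the site's certificate. stderr is discarded so handshake diagnostics
  # cannot end up interleaved with the PEM block.
  openssl s_client -connect "$server" < /dev/null 2> /dev/null \
    | sed -n '/-----BEGIN/,/-----END/p' > main.pem
  if [[ ! -s main.pem ]]; then
    echo "No certificate received from $server, skipping" >&2
    continue
  fi

  # The responder URL is read from the remote certificate, so it is untrusted:
  # keep only the first line and require an http(s) scheme before using it.
  ocsp_server=$(openssl x509 -noout -ocsp_uri -in main.pem)
  ocsp_server=${ocsp_server%%$'\n'*}
  if [[ "$ocsp_server" != http://* && "$ocsp_server" != https://* ]]; then
    echo "No usable OCSP URI in the certificate of $server, skipping" >&2
    continue
  fi

  # Get the entire certificate chain
  openssl s_client -connect "$server" -showcerts < /dev/null 2> /dev/null \
    | sed -n '/-----BEGIN/,/-----END/p' > chain.pem
  #openssl x509 -text -noout -in chain.pem

  # Split the chain into one file per certificate. n starts unset, so the
  # site's own certificate lands in cert.pem and the rest in cert1.pem,
  # cert2.pem, ... The target name is parenthesised because an unparenthesised
  # concatenation after '>' is ambiguous in some awk implementations.
  awk '
    split_after == 1 {n++; split_after = 0}
    /-----END CERTIFICATE-----/ {split_after = 1}
    {print > ("cert" n ".pem")}' < chain.pem

  # Everything except the site's certificate (ie: all but the first cert)
  issuers=(cert[1-5].pem)
  if (( ${#issuers[@]} == 0 )); then
    echo "Server $server sent no issuer certificate, skipping" >&2
    continue
  fi
  cat -- "${issuers[@]}" > chain2.pem

  # Send an OCSP request
  openssl ocsp -issuer chain2.pem -cert main.pem -text -url "$ocsp_server"
done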