@elyograg
Last active August 29, 2015 14:22
  • Save elyograg/4b4703c3b7503c1f259e to your computer and use it in GitHub Desktop.
OCSP response retrieval script and config file
#!/bin/sh
# script /usr/local/sbin/get_ocsp_stapling
#
# For every "<cert> <issuer>" pair in CERTLIST (one pair per line, as in
# ocsp_list.cfg below), fetch a fresh OCSP response for <cert> from the
# responder named in the certificate's Authority Information Access (AIA)
# extension, write it to <cert>.ocsp (the file haproxy loads next to the
# certificate at startup), and push it into the running haproxy over the
# stats socket so the new response is stapled without a restart.
OBIN=/usr/local/ssl/bin/openssl
SOCAT=/usr/bin/socat
B64=/usr/bin/base64
CUT=/usr/bin/cut
GREP=/bin/grep
RM=/bin/rm
CERTLIST=/usr/local/etc/ocsp_list.cfg
SOCKET=/etc/haproxy/stats.socket

while read -r CERT ISSUER; do
    # skip blank lines and comments in CERTLIST
    case "${CERT}" in ''|'#'*) continue ;; esac
    OCSP="${CERT}.ocsp"
    "${RM}" -f "${OCSP}"
    # The AIA extension prints as "OCSP - URI:http://..."; keep everything after the first ':'
    URI=$("${OBIN}" x509 -text -noout -in "${CERT}" | "${GREP}" " OCSP - URI:" | "${CUT}" -f 2- -d:)
    if [ -z "${URI}" ]; then
        echo "${CERT}: no OCSP URI in the AIA extension, skipping" >&2
        continue
    fi
    # host part of the URI, sent explicitly because OpenSSL 1.0.x does not add a Host header itself
    HOST=$(echo "${URI}" | "${CUT}" -f3 -d/)
    # -noverify skips checking the responder's signature, so nothing here stops a bad or
    # forged response from being written and stapled; clients verify the staple themselves
    # and fail the handshake on a bad one. Use -CAfile/-VAfile instead when the responder
    # chain is available.
    # -header takes "Host ${HOST}" on OpenSSL before 1.1.0 and "Host=${HOST}" from 1.1.0 on.
    "${OBIN}" ocsp -noverify \
        -issuer "${ISSUER}" \
        -cert "${CERT}" \
        -url "${URI}" \
        -respout "${OCSP}" \
        -no_nonce -header Host "${HOST}" \
        > /dev/null 2>&1
    # drop the redirection above to see the responder's reply while debugging
    if [ -f "${OCSP}" ]; then
        # haproxy wants the DER response as one base64 line, no wrapping
        B64_RESP=$("${B64}" -w 0 "${OCSP}")
        # haproxy matches the response to an already loaded certificate by serial and issuer
        RESULT=$(echo "set ssl ocsp-response ${B64_RESP}" | "${SOCAT}" stdio "${SOCKET}" 2>&1)
        case "${RESULT}" in
            *"OCSP Response updated"*) ;;
            *) echo "${CERT}: haproxy did not accept the OCSP response: ${RESULT}" >&2 ;;
        esac
    else
        echo "${OCSP} doesn't exist!" >&2
    fi
done < "${CERTLIST}"
/etc/ssl/certs/local/services.ai.combined.pem /etc/ssl/certs/local/sub.class2.server.sha2.ca.pem
/etc/ssl/certs/local/services.nc.combined.pem /etc/ssl/certs/local/sub.class2.server.sha2.ca.pem
/etc/ssl/certs/local/wildcard.dev.REDACTED.com-combined.pem /etc/ssl/certs/local/sub.class2.server.sha2.ca.pem
/etc/ssl/certs/local/wildcard.REDACTED.com.pem /etc/ssl/certs/local/sub.class2.server.sha2.ca.pem
/etc/ssl/certs/local/wildcard.stg.REDACTED.com.pem /etc/ssl/certs/local/sub.class2.server.sha2.ca.pem
/etc/ssl/certs/local/wildcard.REDACTED.com.pem /etc/ssl/certs/local/sub.class2.server.sha2.ca.pem
/etc/ssl/certs/local/wildcard.stg_dev0-9.REDACTED.com.pem /etc/ssl/certs/local/sub.class2.server.sha2.ca.pem
/etc/ssl/certs/local/combined-cn.pem /etc/ssl/certs/local/entrust_l1c.cer
/etc/ssl/certs/local/REDACTED.com.pem /etc/ssl/certs/local/entrust_l1k.cer
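The script above staples whatever the responder returned as long as a file was written. A response whose status is not "successful", whose certificate status is "revoked", or whose Next Update is already in the past will be rejected by clients once stapled, so it is worth checking the decoded response before pushing it into haproxy. The following added example is not part of the gist: it parses the text form that `openssl ocsp -respin <cert>.ocsp -text -noverify` prints and returns 0 only for a successful, "good", still-valid response. The function names (`ocsp_text_ok`, `ocsp_time_key`, `month_num`) are this example's own, and the sample responses are constructed and trimmed to the lines the check uses; the optional second argument is a fixed "now" timestamp so the check can be exercised offline.

```shell
#!/bin/sh
# Gate for OCSP responses before they are stapled (added example, not from the gist).
# Usage: openssl ocsp -respin cert.pem.ocsp -text -noverify | { ocsp_text_ok "$(cat)" && staple; }

# Three-letter month name -> two-digit number, as printed by OpenSSL's time format.
month_num() {
    case "$1" in
        Jan) echo 01 ;; Feb) echo 02 ;; Mar) echo 03 ;; Apr) echo 04 ;;
        May) echo 05 ;; Jun) echo 06 ;; Jul) echo 07 ;; Aug) echo 08 ;;
        Sep) echo 09 ;; Oct) echo 10 ;; Nov) echo 11 ;; Dec) echo 12 ;;
        *) return 1 ;;
    esac
}

# "Jun  8 10:00:00 2015 GMT" -> "20150608100000": a sortable key that can be compared
# as a plain string, so no GNU-only `date -d` is needed.
ocsp_time_key() {
    set -- $1                          # word-split into: Mon DD HH:MM:SS YYYY GMT
    mon=$(month_num "$1") || return 1
    day=$(printf '%02d' "$2")
    hms=$(printf '%s' "$3" | tr -d :)
    printf '%s%s%s%s\n' "$4" "$mon" "$day" "$hms"
}

# $1: text output of `openssl ocsp -text`; $2 (optional): "now" as YYYYMMDDHHMMSS, UTC.
# Returns 0 if the response is safe to staple, 1 otherwise (reason on stderr).
ocsp_text_ok() {
    text=$1
    now=${2:-$(date -u +%Y%m%d%H%M%S)}
    printf '%s\n' "$text" | grep -q '^ *OCSP Response Status: successful' || {
        echo "response status is not successful" >&2; return 1; }
    printf '%s\n' "$text" | grep -q '^ *Cert Status: good' || {
        echo "certificate status is not good" >&2; return 1; }
    next=$(printf '%s\n' "$text" | sed -n 's/^ *Next Update: //p' | head -n 1)
    if [ -n "$next" ]; then
        key=$(ocsp_time_key "$next") || { echo "cannot parse Next Update: $next" >&2; return 1; }
        [ "$key" \> "$now" ] || { echo "response expired at $next" >&2; return 1; }
    fi
    return 0
}

# Constructed samples, trimmed to the fields the check looks at.
SAMPLE_GOOD='OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Produced At: Jun  1 10:00:00 2015 GMT
    Cert Status: good
    This Update: Jun  1 10:00:00 2015 GMT
    Next Update: Jun  8 10:00:00 2015 GMT'

SAMPLE_REVOKED='OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: revoked
    Revocation Time: May 30 09:00:00 2015 GMT
    This Update: Jun  1 10:00:00 2015 GMT
    Next Update: Jun  8 10:00:00 2015 GMT'

SAMPLE_UNAUTHORIZED='OCSP Response Data:
    OCSP Response Status: unauthorized (0x6)'
```

The string comparison `[ "$key" \> "$now" ]` works because both sides are fixed-width UTC digit strings; a response whose Next Update equals or precedes the current time is treated as expired, which is what a client would conclude too. Responses without a Next Update are accepted, since RFC 6960 makes that field optional.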