@inscapist
Last active October 20, 2022 02:28
OpenSSL helper functions (WIP)
# Print the certificate a TLS endpoint serves, in human-readable form.
# args:
# $1. server_name assuming SNI (eg. sub.domain.com)
# $2. endpoint (eg. IP_ADDR:8443 or sub.domain.com:443)
function tlscert-check() {
  # Empty stdin makes s_client exit right after the handshake
  echo | \
    openssl s_client -servername "$1" -connect "$2" 2>/dev/null | \
    openssl x509 -text -noout
}

# List TLS secrets in all namespaces
function tlscert-list-kube() {
  kubectl get secrets -A \
    --field-selector type=kubernetes.io/tls
}

# Ensure that the secret is in the current namespace
# Note: openssl x509 reads only the first certificate in tls.crt (the leaf)
# args:
# $1. secret_name
function tlscert-check-kube() {
  kubectl get secret "$1" -o json | \
    jq -r '.data."tls.crt"' | \
    base64 -d | \
    openssl x509 -noout -text
}
@inscapist
Author

# check ingress secret
tlscert-list-kube
tlscert-check-kube my-tls-secret

# check cert directly (to Cloudflare's edge certificate)
tlscert-check my.domain.com my.domain.com:443

# check cert directly (to origin certificate, by Let's Encrypt issuer). IP address can be found in `kubectl get ingress`
tlscert-check my.domain.com xxx.xxx.xxx.xxx:443
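
The usage above inspects the ingress secret and the origin certificate by eye. The following added example (not part of the gist or written by its author) compares the two by SHA-256 fingerprint and checks remaining validity. All function names are hypothetical and use underscores so they also load in POSIX sh.

```bash
# Added example: helper names are hypothetical, not from the gist.

# SHA-256 fingerprint of the first (leaf) certificate in a PEM stream on stdin.
tlscert_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeed if the leaf certificate on stdin is still valid $1 days from now
# (default 14). -checkend takes seconds.
tlscert_valid_for_days() {
  openssl x509 -noout -checkend "$(( ${1:-14} * 86400 ))" >/dev/null 2>&1
}

# Fetch the leaf certificate (PEM) an endpoint serves.
# $1: server_name (SNI)   $2: endpoint (host:port)
tlscert_fetch() {
  openssl s_client -servername "$1" -connect "$2" </dev/null 2>/dev/null |
    openssl x509
}

# Succeed if two PEM files carry the same leaf certificate.
# An unreadable file yields an empty fingerprint and counts as a mismatch.
tlscert_same() {
  fp_a=$(tlscert_fingerprint <"$1")
  fp_b=$(tlscert_fingerprint <"$2")
  [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Succeed if the endpoint serves the certificate stored in a Kubernetes
# TLS secret (current namespace).
# $1: secret_name   $2: server_name   $3: endpoint
tlscert_secret_matches_endpoint() {
  tmp=$(mktemp -d) || return 2
  kubectl get secret "$1" -o json | jq -r '.data."tls.crt"' |
    base64 -d >"$tmp/secret.pem"
  tlscert_fetch "$2" "$3" >"$tmp/served.pem"
  tlscert_same "$tmp/secret.pem" "$tmp/served.pem"
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}
```

A mismatch against the origin IP usually means the ingress controller is still serving an older or default certificate; a mismatch against the public hostname is expected when a CDN edge certificate sits in front.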
