Created
October 19, 2019 08:54
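#!/bin/bash
#
# Export the certificate chain presented by a TLS server into individual
# .cer files in a timestamped folder on the Desktop, then rename each file
# after the CN in its certificate subject.
#
# Security notes:
#   - openssl s_client carries on after certificate verification errors by
#     default, so the files written here are simply whatever was presented on
#     the wire (by the server or by anything intercepting the connection).
#     Check the "verify" lines in the output and compare fingerprints against
#     a trusted source before importing any of these as a trust anchor.
#   - The subject CN is taken from the remote certificate and is therefore
#     untrusted input; it is reduced to [A-Za-z0-9_-] before being used as a
#     file name, and existing files are never overwritten.

server='jamf.jamfcloud.com'
port='443'

echo "[start] Script will export the certificate chain for ${server} running on port ${port}..."
echo

now=$( date +%Y-%m-%d_%H-%M-%S )
saveToFolder="${HOME}/Desktop/${server}_certchain_$now"
echo "[info] The trust chain certificates will be saved to :"
echo "${saveToFolder}."

# Plain mkdir (no -p) fails if the folder already exists, so certificates are
# never mixed into a pre-existing directory. Stop if either step fails:
# otherwise the cert files would be written into the current directory.
mkdir "$saveToFolder" || { echo "[error] Could not create ${saveToFolder}." >&2; exit 1; }
cd "$saveToFolder" || { echo "[error] Could not enter ${saveToFolder}." >&2; exit 1; }
echo

echo "[step] Downloading certs from the server..."
# -servername sends SNI explicitly; older OpenSSL/LibreSSL builds do not send
# it by default, and a multi-tenant host may then answer with a different
# certificate. stderr is merged in on purpose: the depth=/verify lines used
# for the chain summary below are written there.
showcerts=$( openssl s_client -showcerts -servername "${server}" -connect "${server}:${port}" 2>&1 </dev/null )

if ! printf '%s\n' "$showcerts" | grep -q -- '-----BEGIN CERTIFICATE-----'; then
  echo "[error] No certificates were returned by ${server}:${port}." >&2
  printf '%s\n' "$showcerts" >&2
  exit 1
fi

echo "[step] Saving certs to files..."
# Match the full PEM armour so unrelated output lines cannot open a block.
printf '%s\n' "$showcerts" \
  | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/{ if(/-----BEGIN CERTIFICATE-----/){filenum++}; out="cert"filenum".cer"; print >out}'
echo

echo "[info] Here is the trust chain for this server:"
printf '%s\n' "$showcerts" | grep 'depth'
echo

echo "[step] Renaming the exported certificate files as their certificate's subject..."
for certfile in *.cer; do
  [ -f "$certfile" ] || continue

  if ! subject=$( openssl x509 -noout -subject -in "$certfile" ); then
    echo "[warn] Could not read a subject from ${certfile}; leaving it as is." >&2
    continue
  fi

  # Accept both "CN=value" and "CN = value" subject layouts, then keep only
  # characters that are safe in a file name (no "/", no shell metacharacters).
  newname=$( printf '%s\n' "$subject" \
    | LC_ALL=C sed -n 's/^.*CN *= *//; s/[^A-Za-z0-9_-]/_/g; s/__*/_/g; s/^_//; p' )
  newname=${newname//_-_/-}

  if [ -z "$newname" ]; then
    echo "[warn] Empty name derived for ${certfile}; leaving it as is." >&2
    continue
  fi
  newname="${newname}.cer"

  # Two certificates can share a CN, and a CN can collide with a certN.cer
  # that has not been processed yet; never overwrite.
  if [ -e "$newname" ]; then
    echo "[warn] \"${newname}\" already exists; leaving ${certfile} as is." >&2
    continue
  fi

  echo "Renaming $certfile to \"${newname}\""
  # "--" keeps a name that begins with "-" from being parsed as an option.
  mv -- "$certfile" "$newname"
done

echo '-end-'
open "$saveToFolder"
exit 0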