@mbentley
Created August 29, 2019 18:09
Verify certificate chain is complete
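#!/bin/bash
# Compares the issuer and subject names of a root CA, an intermediate CA and a
# server certificate to check that the three files chain together by name.
#
# -e aborts on the first failing command. pipefail makes a pipeline fail when
# any stage fails, so an openssl error inside the "openssl | grep | awk"
# helpers stops the script instead of yielding an empty name that would then
# compare equal to another empty name and be reported as "OK".
set -eo pipefail
# set the paths for certificates
ROOT_CERT="${HOME}/Downloads/certs/DigiCertGlobalRootCA.cer"
INTERMEDIATE_CERT="${HOME}/Downloads/certs/DigiCertSHA2SecureServerIntermediateCA.cer"
SERVER_CERT="${HOME}/Downloads/certs/dfwdtrlabawsw.ds.dtveng.net.cer"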
# function to get the issuer
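get_issuer() {
  # Print the issuer name of the certificate file given as $1, taken from the
  # "Issuer: " line of `openssl x509 -text`.
  # Returns non-zero when openssl cannot read or parse the file.
  local cert_text
  # Run openssl on its own instead of at the head of a pipeline: a pipeline
  # reports only the last stage's status, so a missing or unparseable file
  # used to produce an empty issuer that callers compared as if it were real.
  cert_text="$(openssl x509 -in "${1}" -text -noout)" || return 1
  printf '%s\n' "${cert_text}" | awk -F 'Issuer: ' '/Issuer: / {print $2}'
}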
# function to get the subject
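get_subject() {
  # Print the subject name of the certificate file given as $1, taken from the
  # "Subject: " line of `openssl x509 -text`.
  # Returns non-zero when openssl cannot read or parse the file.
  local cert_text
  # Run openssl on its own instead of at the head of a pipeline: a pipeline
  # reports only the last stage's status, so a missing or unparseable file
  # used to produce an empty subject that callers compared as if it were real.
  cert_text="$(openssl x509 -in "${1}" -text -noout)" || return 1
  printf '%s\n' "${cert_text}" | awk -F 'Subject: ' '/Subject: / {print $2}'
}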
# Root CA: a self-signed root names itself as its own issuer, so the two
# strings must be identical. This compares names only; it does not check the
# certificate's signature.
ROOT_ISSUER="$(get_issuer "${ROOT_CERT}")"
ROOT_SUBJECT="$(get_subject "${ROOT_CERT}")"
if [ "${ROOT_ISSUER}" = "${ROOT_SUBJECT}" ]
then
  echo "OK: The root CA certificate subject and root CA certificate issuer match"
  echo " Root CA issuer: ${ROOT_ISSUER}"
  echo " Root CA subject: ${ROOT_SUBJECT}"
  echo
else
  echo "ERROR: The root CA certificate subject and root CA certificate issuer do not match"
  echo " Root CA issuer: ${ROOT_ISSUER}"
  echo " Root CA subject: ${ROOT_SUBJECT}"
  exit 1
fi
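# Intermediate CA: its issuer name must equal the root CA's subject name.
# This is a string comparison of names only, not a signature check.
INTERMEDIATE_ISSUER="$(get_issuer "${INTERMEDIATE_CERT}")"
INTERMEDIATE_SUBJECT="$(get_subject "${INTERMEDIATE_CERT}")"
if [ "${INTERMEDIATE_ISSUER}" != "${ROOT_SUBJECT}" ]
then
  echo "ERROR: Root CA certificate subject and intermediate certificate issuer do not match"
  echo " Intermediate issuer: ${INTERMEDIATE_ISSUER}"
  # Show the root subject that was actually compared. This line used to expand
  # ${SUBJECT_SUBJECT}, which is never assigned, so the value was always blank.
  echo " Root subject: ${ROOT_SUBJECT}"
  exit 1
else
  echo "OK: Root CA certificate subject and intermediate certificate issuer match"
  echo " Intermediate issuer: ${INTERMEDIATE_ISSUER}"
  echo " Intermediate subject: ${INTERMEDIATE_SUBJECT}"
  echo
fi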
# Server certificate: its issuer name must equal the intermediate CA's subject
# name. This is a string comparison of names only, not a signature check.
# NOTE(review): the error branch prints the server subject, not the
# intermediate subject that the issuer was compared against.
SERVER_ISSUER="$(get_issuer "${SERVER_CERT}")"
SERVER_SUBJECT="$(get_subject "${SERVER_CERT}")"
if [ "${SERVER_ISSUER}" = "${INTERMEDIATE_SUBJECT}" ]
then
  echo "OK: Intermediate certificate subject and server certificate issuer match"
  echo " Server issuer: ${SERVER_ISSUER}"
  echo " Server subject: ${SERVER_SUBJECT}"
  echo
else
  echo "ERROR: Intermediate certificate subject and server certificate issuer do not match!"
  echo " Server issuer: ${SERVER_ISSUER}"
  echo " Server subject: ${SERVER_SUBJECT}"
  exit 1
fi
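# The checks above only compare issuer and subject name strings. Names are not
# authenticated, so matching names do not prove that each certificate was
# signed by the one above it. Have openssl build and verify the chain before
# reporting success: -CAfile supplies the root as trust anchor and -untrusted
# supplies the intermediate used to build the path.
# NOTE(review): depending on the OpenSSL version and build, verify may also
# consult the system default trust store in addition to -CAfile; confirm.
if ! openssl verify -CAfile "${ROOT_CERT}" -untrusted "${INTERMEDIATE_CERT}" "${SERVER_CERT}"
then
  echo "ERROR: openssl could not verify the server certificate against the intermediate and root CA certificates"
  exit 1
fi
echo
echo "Certificate chain verified!"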