Created
June 19, 2017 18:16
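#!/bin/bash
#
# Fetch an OCSP response for a Let's Encrypt certificate and save it as a DER
# file (for example to use as a stapling file on a web server).
#
# Usage:   sudo ./<script> www.example.com
# Reads:   /etc/letsencrypt/live/<name>/cert.pem and chain.pem
# Writes:  <name>-ocsp.der in the current directory
# Returns: 0 when a verified response was written, 1 otherwise

if [ "${EUID}" -ne 0 ]; then
  echo "Please run with sudo privs"
  exit 1
fi

if [ $# -ne 1 ]; then
  echo "Pass a website to the script"
  echo "Example"
  echo "    ./${0##*/} www.example.com"
  exit 1
fi

URL=$1

# The name is spliced into paths that are read and written as root, so refuse
# anything that could leave /etc/letsencrypt/live/ (a slash, a leading dot) or
# be taken for a command-line option (a leading dash).
case "${URL}" in
  '' | */* | -* | .*)
    echo "Invalid website name: ${URL}" >&2
    exit 1
    ;;
esac

LIVE_DIR="/etc/letsencrypt/live/${URL}"
CERT="${LIVE_DIR}/cert.pem"
CHAIN="${LIVE_DIR}/chain.pem"
OUT="${URL}-ocsp.der"

# tput fails when TERM is unset (cron, CI); fall back to plain text.
BLD=$(tput bold 2>/dev/null)
RST=$(tput sgr0 2>/dev/null)

if [ ! -r "${CERT}" ] || [ ! -r "${CHAIN}" ]; then
  echo "${BLD}-) Cannot read ${CERT} and ${CHAIN}${RST}" >&2
  exit 1
fi

echo "${BLD}+) Searching for an OCSP endpoint in the cert located at:${RST} ${CERT}"
# openssl x509 exits 0 and prints nothing when the certificate carries no OCSP
# URI, so the output has to be checked as well as the exit status.
if OCSP_ENDPOINT=$(openssl x509 -noout -ocsp_uri -in "${CERT}") \
  && [ -n "${OCSP_ENDPOINT}" ]; then
  # Keep the first URI if the certificate lists more than one.
  OCSP_ENDPOINT=${OCSP_ENDPOINT%%$'\n'*}
  echo "${BLD}+) Found the OCSP endpoint:${RST} ${OCSP_ENDPOINT}"
else
  echo "${BLD}-) Did not find an OCSP endpoint${RST}"
  exit 1
fi

# Host header value: the endpoint without its scheme and without any path, so
# a trailing "/" in the URI does not end up in the header.
OCSP_HOST=${OCSP_ENDPOINT#*://}
OCSP_HOST=${OCSP_HOST%%/*}

# Write to a fresh temporary file and rename it into place only after the
# response has been checked. A failed query then never replaces a good file,
# and a symlink planted under the predictable output name is replaced by the
# rename rather than followed by a root-owned write.
TMP_DER=$(mktemp "./${OUT}.XXXXXX") || exit 1
trap 'rm -f -- "${TMP_DER}" "${OCSP_LOG}"' EXIT
OCSP_LOG=$(mktemp) || exit 1

echo "${BLD}+) Generating:${RST} ${OUT}"
# -no_nonce: no nonce is sent in the request.
# NOTE(review): the two-argument -header form is the OpenSSL 1.0.x syntax;
# newer releases appear to expect -header "Host=${OCSP_HOST}" - confirm
# against the installed openssl before relying on this script.
openssl ocsp \
  -url "${OCSP_ENDPOINT}" \
  -header "Host" "${OCSP_HOST}" \
  -issuer "${CHAIN}" \
  -cert "${CERT}" \
  -verify_other "${CHAIN}" \
  -no_nonce \
  -resp_text \
  -respout "${TMP_DER}" 2>&1 | tee -- "${OCSP_LOG}"
OCSP_RC=${PIPESTATUS[0]}

# Older openssl builds can exit 0 even when the response signature did not
# verify, so require the explicit "Response verify OK" line too.
if [ "${OCSP_RC}" -ne 0 ] || [ ! -s "${TMP_DER}" ] \
  || ! grep -q 'Response verify OK' "${OCSP_LOG}"; then
  echo "${BLD}-) OCSP query failed or the response did not verify; ${OUT} was not written${RST}" >&2
  exit 1
fi

# mktemp creates the file 0600; an OCSP response is public data, so restore
# the permissions a default root umask would have given the original output.
chmod 0644 -- "${TMP_DER}"
if ! mv -f -- "${TMP_DER}" "${OUT}"; then
  echo "${BLD}-) Could not move the response into place as ${OUT}${RST}" >&2
  exit 1
fi

echo "${BLD}+) ${OUT} has been created${RST}"
ls -al -- "${OUT}"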
Author
pgporada
commented
Jun 19, 2017