Domů Procházet Nápověda
Registrovat se Přihlásit se
cere
/
home
1
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Větev: master
Větve Značky
home
/
ngp_le
/
app
/
cert_status

cert_status 2.5 KB
Trvalý odkaz Historie Surový

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. #!/bin/bash
    2. 

  2. function print_cert_info {
    3. 

  3.   local enddate
    4. 

  4.   local subject
    5. 

  5.   local san_str
    6. 

  6. 

  7.   # Get the wanted informations with OpenSSL.
    8. 

  8.   issuer="$(openssl x509 -noout -issuer -in "$1" | sed -n 's/.*CN = \(.*\)/\1/p')"
    9. 

  9.   enddate="$(openssl x509 -noout -enddate -in "$1" | sed -n 's/notAfter=\(.*$\)/\1/p')"
    10. 

  10.   subject="$(openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN = \([a-z0-9.-]*\)/- \1/p')"
    11. 

  11.   san_str="$(openssl x509 -text -in "$1" | grep 'DNS:')"
    12. 

  12. 

  13.   echo "Certificate was issued by $issuer"
    14. 

  14.   if [[ "$2" == "expired" ]]; then
    15. 

  15.       echo "Certificate was valid until $enddate"
    16. 

  16.   else
    17. 

  17.       echo "Certificate is valid until $enddate"
    18. 

  18.   fi
    19. 

  19.   echo "Subject Name:"
    20. 

  20.   echo "$subject"
    21. 

  21. 

  22.   # Display the SAN info only if there is more than one SAN domain.
    23. 

  23.   while IFS=',' read -ra SAN; do
    24. 

  24.       if [[ ${#SAN[@]} -gt 1 ]]; then
    25. 

  25.           echo "Subject Alternative Name:"
    26. 

  26.           for domain in "${SAN[@]}"; do
    27. 

  27.               echo "$domain" | sed -n 's/.*DNS:\([a-z0-9.-]*\)/- \1/p'
    28. 

  28.           done
    29. 

  29.       fi
    30. 

  30.   done <<< "$san_str"
    31. 

  31. }
    32. 

  32. 

  33. echo '##### Certificate status #####'
    34. 

  34. for cert in /etc/nginx/certs/*/fullchain.pem; do
    35. 

  35.     [[ -e "$cert" ]] || continue
    36. 

  36.     if [[ -e "${cert%fullchain.pem}chain.pem" ]]; then
    37. 

  37.         # Verify the certificate with OpenSSL.
    38. 

  38.         verify=$(openssl verify -CAfile "${cert%fullchain.pem}chain.pem" "$cert" 2>&1)
    39. 

  39.         if [[ $? -eq 0 ]]; then
    40. 

  40.             echo $verify
    41. 

  41.             # Print certificate info.
    42. 

  42.             print_cert_info "$cert"
    43. 

  43.         else
    44. 

  44.             echo "${cert}: EXPIRED"
    45. 

  45.             # Print certificate info.
    46. 

  46.             print_cert_info "$cert" "expired"
    47. 

  47.         fi
    48. 

  48.     else
    49. 

  49.         echo "${cert}: no corresponding chain.pem file, unable to verify certificate"
    50. 

  50.         # Print certificate info.
    51. 

  51.         print_cert_info "$cert"
    52. 

  52.     fi
    53. 

  53. 

  54.     # Find the .crt files in /etc/nginx/certs which are
    55. 

  55.     # symlinks pointing to the current certificate.
    56. 

  56.     unset symlinked_domains
    57. 

  57.     for symlink in /etc/nginx/certs/*.crt; do
    58. 

  58.         [[ -e "$symlink" ]] || continue
    59. 

  59.         if [[ "$(readlink -f "$symlink")" == "$cert" ]]; then
    60. 

  60.             domain="$(echo "${symlink%.crt}" | sed 's#/etc/nginx/certs/##g')"
    61. 

  61.             symlinked_domains+=("$domain")
    62. 

  62.         fi
    63. 

  63.     done
    64. 

  64. 

  65.     # Display symlinks pointing to the current cert if there is any.
    66. 

  66.     if [[ ${#symlinked_domains[@]} -gt 0 ]]; then
    67. 

  67.         echo "Certificate is used by the following domain(s):"
    68. 

  68.         for domain in "${symlinked_domains[@]}"; do
    69. 

  69.           echo "- $domain"
    70. 

  70.         done
    71. 

  71.     fi
    72. 

  72. 

  73.     echo '##############################'
    74. 

  74. done
    75.