devops-tools
ssl-certificate-utils
Commit 3459a0a7 authored May 02, 2017 by Xueshan Feng
added script to verify cert, key and cert chain. Useful for generating haproxy cert bundle.
parent e9907d97
verify-haproxy-pem.sh 0 → 100755
#!/bin/bash
# Script to verify
fqdn
=
$1
[
-z
"
$fqdn
"
]
&&
echo
"Usage: ./
$(
basename
$0
)
<fqdn>"
&&
exit
1
echo
Checking key file
$fqdn
[
!
-f
$fqdn
.key
]
&&
echo
"
$fqdn
.key doesn't exit."
&&
exit
1
keymd5
=
$(
openssl rsa
-noout
-modulus
-in
$fqdn
.key | openssl md5
)
echo
"md5 =
$keymd5
"
echo
Checking server cert
$cert
cert
=
"
$(
echo
$fqdn
|
tr
'.'
'_'
)
_cert.cer"
[
!
-f
$cert
]
&&
echo
"
$cert
doesn't exit."
&&
exit
1
certmd5
=
$(
openssl x509
-noout
-modulus
-in
$cert
| openssl md5
)
echo
"md5 =
$certmd5
"
if
[
"
$keymd5
"
!=
"
$certmd5
"
]
then
echo
"Certificate and private key doesn't match."
exit
1
fi
echo
Checking CA chain
interm
=
"
$(
echo
$fqdn
|
tr
'.'
'_'
)
_interm.cer"
[
!
-f
$interm
]
&&
echo
"
$interm
doesn't exit."
&&
exit
1
if
!
openssl verify
-CAfile
$interm
$cert
|grep OK
;
then
echo
"CA chain verification failed."
exit
1
fi
echo
Check CAfile. Should be
in
intermidate1, intermiate2,...rootca format.
if
!
openssl x509
-noout
-text
-in
words_stanford_edu_interm.cer |
grep
CN
=
InCommon
;
then
echo
Haproxy needs CA bundle should be
in
this order: intermidate1, intermiate2,...rootca.
else
echo
""
echo
"You can generate
$fqdn
.pem by cancadinating
$cert
$interm
, and
$fqdn
.key together."
fi
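Review bot: The final CA bundle check reads the hard-coded file words_stanford_edu_interm.cer instead of $interm, so for any other fqdn it inspects the wrong bundle or fails on a missing file; use "$interm" there. That check also relies on openssl x509 -in, which parses only the first certificate in a file, so grepping its -text output for InCommon tests the first entry only and does not establish the intermediate1, intermediate2, ... rootca order that the message describes. Smaller points in the same file: "Checking server cert $cert" is echoed before cert is assigned, so the name prints empty; the key and certificate comparison goes through openssl rsa -modulus, which handles RSA keys only; $fqdn, $cert and $interm are expanded unquoted in the file tests and openssl calls; and the messages contain typos ("doesn't exit" for "doesn't exist", "cancadinating" for "concatenating", "intermidate1, intermiate2").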