make;
make install;

some notes to myself

Blog

About

Check cert revocation date/reason

Written on November 17, 2016

A script to grab the cert for a given domain, and print the date & reason for revocation.

#!/bin/bash
#
# pass in domain as argument
#

# get the cert for domain
certfile=$(mktemp)
echo "" | openssl s_client -connect $1:443 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > $certfile
serial=$(openssl x509 -in $certfile -noout -serial | cut -d "=" -f 2)

# pull down the crl
crl_url=$(cat $certfile | openssl x509 -noout -text | grep crl | cut -c 23-)
wget -q -S -O - $crl_url 2>/dev/null | openssl crl -inform DER -noout -text | grep -A4 $serial
rm $certfile