Hi, Akash...
On 10/08/2014 01:40 AM, Akash Jain wrote:
HI,
How can I know the "Extended Key Usage" parameters of a remote SSL
enabled site using OpenSSL ?
Does this help:
https://www.madboa.com/geek/openssl/#cert-retrieve
You could modify the one script there to something like:
#!/bin/sh
#
for CERT in \
www.somesite.tld:443
do
echo |\
openssl s_client -connect ${CERT} 2>/dev/null |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |\
openssl x509 -noout -text
done
and filter the output of the -text param.
It's interesting that I can't seem to hit on a specific option to dump
just the extended key usage data.
Actually, as I was drafting this, I thought that perl might be a more
elegant way to go. Perhaps have a look at:
http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.47/examples/x509_cert_details.pl
Anyone else have a suggestion?
Cheers
--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC www.2rosenthals.com
visit my IT blog www.2rosenthals.net/wordpress
IRS Circular 230 Disclosure applies see www.2rosenthals.com
-------------------------------------------------------------
--
This email was Anti Virus checked by Astaro Security Gateway.
http://www.astaro.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
