Thanks Lewis ! I also used -
openssl s_client -showcerts -connect google.com:443 < /dev/null | openssl x509 -outform PEM | openssl x509 -noout -text | grep -A1 "X509v3 Extended Key Usage" On Tue, Oct 7, 2014 at 11:40 PM, Lewis Rosenthal < lgrosent...@2rosenthals.com> wrote: > Hi, Akash... > > On 10/08/2014 01:40 AM, Akash Jain wrote: > >> HI, >> >> How can I know the "Extended Key Usage" parameters of a remote SSL >> enabled site using OpenSSL ? >> >> Does this help: > > https://www.madboa.com/geek/openssl/#cert-retrieve > > You could modify the one script there to something like: > > #!/bin/sh > # > for CERT in \ > www.somesite.tld:443 > do > echo |\ > openssl s_client -connect ${CERT} 2>/dev/null |\ > sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |\ > openssl x509 -noout -text > done > > and filter the output of the -text param. > > It's interesting that I can't seem to hit on a specific option to dump > just the extended key usage data. > > Actually, as I was drafting this, I thought that perl might be a more > elegant way to go. Perhaps have a look at: > > http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.47/ > examples/x509_cert_details.pl > > Anyone else have a suggestion? > > Cheers > > -- > Lewis > ------------------------------------------------------------- > Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA > Rosenthal & Rosenthal, LLC www.2rosenthals.com > visit my IT blog www.2rosenthals.net/wordpress > IRS Circular 230 Disclosure applies see www.2rosenthals.com > ------------------------------------------------------------- > > > -- > This email was Anti Virus checked by Astaro Security Gateway. > http://www.astaro.com > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
