Hi, all...
Actually, Jakob, I think it's the second one (the first one after the
pipe) which can come out, i.e.:
openssl s_client -showcerts -connect google.com:443 < \
/dev/null | openssl x509 -noout -text | grep -A1 "X509v3 Extended Key Usage"
which seems to produce a little less noise, but it's still not down to a
single line of output. Still, it's more elegant than what I cited, I think.
Cheers
On 10/08/2014 08:43 AM, Jakob Bohm wrote:
I think you can safely omit the middle openssl command.
On 08/10/2014 09:28, Akash Jain wrote:
Thanks Lewis !
I also used -
openssl s_client -showcerts -connect google.com:443
<http://google.com:443> < /dev/null | openssl x509 -outform PEM |
openssl x509 -noout -text | grep -A1 "X509v3 Extended Key Usage"
On Tue, Oct 7, 2014 at 11:40 PM, Lewis Rosenthal
<lgrosent...@2rosenthals.com <mailto:lgrosent...@2rosenthals.com>>
wrote:
Hi, Akash...
On 10/08/2014 01:40 AM, Akash Jain wrote:
HI,
How can I know the "Extended Key Usage" parameters of a remote
SSL enabled site using OpenSSL ?
Does this help:
https://www.madboa.com/geek/openssl/#cert-retrieve
You could modify the one script there to something like:
#!/bin/sh
#
for CERT in \
www.somesite.tld:443
do
echo |\
openssl s_client -connect ${CERT} 2>/dev/null |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |\
openssl x509 -noout -text
done
and filter the output of the -text param.
It's interesting that I can't seem to hit on a specific option to
dump just the extended key usage data.
Actually, as I was drafting this, I thought that perl might be a
more elegant way to go. Perhaps have a look at:
http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.47/examples/x509_cert_details.pl
Anyone else have a suggestion?
Cheers
-- Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC www.2rosenthals.com
<http://www.2rosenthals.com>
visit my IT blog www.2rosenthals.net/wordpress
<http://www.2rosenthals.net/wordpress>
IRS Circular 230 Disclosure applies see www.2rosenthals.com
<http://www.2rosenthals.com>
-------------------------------------------------------------
-- This email was Anti Virus checked by Astaro Security Gateway.
http://www.astaro.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
<mailto:openssl-users@openssl.org>
Automated List Manager majord...@openssl.org
<mailto:majord...@openssl.org>
Enjoy
Jakob
--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC www.2rosenthals.com
visit my IT blog www.2rosenthals.net/wordpress
IRS Circular 230 Disclosure applies see www.2rosenthals.com
-------------------------------------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
