5,576
edits
Changes
Jump to navigation
Jump to search
Created page with "This is a quick and dirty perl program to output the compare string so that it is easy to see why the cert is being regenerated. It comes from http://bugs.contribs.org/show_bu..."
This is a quick and dirty perl program to output the compare string so that it is easy to see why the cert is being regenerated. It comes from http://bugs.contribs.org/show_bug.cgi?id=1602#c36
vim check_certificate
and paste this
#!/usr/bin/perl
require esmith::ConfigDB;
my $conf_db = esmith::ConfigDB->open;
my $FQDN = $conf_db->get_prop('SystemName', 'type') . "." . $conf_db->get_prop('DomainName', 'type');
my $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
my $defaultCity = $conf_db->get_prop('ldap', 'defaultCity');
my $defaultCompany = $conf_db->get_prop('ldap', 'defaultCompany');
my $defaultDepartment = $conf_db->get_prop('ldap', 'defaultDepartment');
my $email = "admin\@$FQDN";
my $expected_issuer = '/C=--' .
'/ST=----' .
"/L=$defaultCity" .
"/O=$defaultCompany" .
"/OU=$defaultDepartment" .
"/CN=$FQDN" .
"/emailAddress=$email";
my $issuer = `openssl x509 -issuer -noout -in $crt`;
chomp $issuer;
$issuer =~ s/^issuer= //;
if ($issuer eq $expected_issuer)
{
print "Certificates matchi.\n";
} else {
print "Certificates don't match.\n";
print "$issuer\n";
print "$expected_issuer\n";
}
then
chmod u+x check_certificate
if you want to use it
./check_certificate
it displays
# ./check_certificate
Certificates don't match.
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@stephdl.xxxx.org
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@sme9.stephdl.xxxx.org
[[Category:Howto]]
vim check_certificate
and paste this
#!/usr/bin/perl
require esmith::ConfigDB;
my $conf_db = esmith::ConfigDB->open;
my $FQDN = $conf_db->get_prop('SystemName', 'type') . "." . $conf_db->get_prop('DomainName', 'type');
my $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
my $defaultCity = $conf_db->get_prop('ldap', 'defaultCity');
my $defaultCompany = $conf_db->get_prop('ldap', 'defaultCompany');
my $defaultDepartment = $conf_db->get_prop('ldap', 'defaultDepartment');
my $email = "admin\@$FQDN";
my $expected_issuer = '/C=--' .
'/ST=----' .
"/L=$defaultCity" .
"/O=$defaultCompany" .
"/OU=$defaultDepartment" .
"/CN=$FQDN" .
"/emailAddress=$email";
my $issuer = `openssl x509 -issuer -noout -in $crt`;
chomp $issuer;
$issuer =~ s/^issuer= //;
if ($issuer eq $expected_issuer)
{
print "Certificates matchi.\n";
} else {
print "Certificates don't match.\n";
print "$issuer\n";
print "$expected_issuer\n";
}
then
chmod u+x check_certificate
if you want to use it
./check_certificate
it displays
# ./check_certificate
Certificates don't match.
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@stephdl.xxxx.org
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@sme9.stephdl.xxxx.org
[[Category:Howto]]