Certificate:Quick check
This is a quick and dirty Perl program that prints the strings being compared, so that it is easy to see why the certificate is being regenerated. It comes from http://bugs.contribs.org/show_bug.cgi?id=1602#c36

Open a new file and paste the program below into it:

    vim check_certificate

    #!/usr/bin/perl
    # Compare the issuer of the certificate with the issuer string
    # built from the configuration database, and print both on a mismatch.

    require esmith::ConfigDB;

    my $conf_db = esmith::ConfigDB->open;

    # The certificate file is named after the FQDN (SystemName.DomainName).
    my $FQDN = $conf_db->get_prop('SystemName', 'type') . "." . $conf_db->get_prop('DomainName', 'type');
    my $crt = "/home/e-smith/ssl.crt/$FQDN.crt";

    # Values that go into the issuer string.
    my $defaultCity = $conf_db->get_prop('ldap', 'defaultCity');
    my $defaultCompany = $conf_db->get_prop('ldap', 'defaultCompany');
    my $defaultDepartment = $conf_db->get_prop('ldap', 'defaultDepartment');
    my $email = "admin\@$FQDN";

    # Issuer string expected from the current configuration.
    my $expected_issuer = '/C=--' .
        '/ST=----' .
        "/L=$defaultCity" .
        "/O=$defaultCompany" .
        "/OU=$defaultDepartment" .
        "/CN=$FQDN" .
        "/emailAddress=$email";

    # Issuer string actually present in the certificate.
    my $issuer = `openssl x509 -issuer -noout -in $crt`;
    chomp $issuer;
    $issuer =~ s/^issuer= //;

    if ($issuer eq $expected_issuer) {
        print "Certificates match.\n";
    } else {
        # Certificate issuer first, expected issuer second.
        print "Certificates don't match.\n";
        print "$issuer\n";
        print "$expected_issuer\n";
    }

Then make it executable:

    chmod u+x check_certificate

To use it, run:

    ./check_certificate

It displays:

    # ./check_certificate
    Certificates don't match.
    /C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@stephdl.xxxx.org
    /C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@sme9.stephdl.xxxx.org
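
The two strings in the output above differ in a single component, which is hard to spot by eye. The following is an added example, not part of the original page or the bug report, that splits both strings into components and prints only the ones that differ; the helper names `parse_dn` and `diff_dn` are hypothetical, and the sample strings are copied from the output above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# parse_dn (hypothetical helper): split an OpenSSL one-line DN such as
# "/C=--/ST=----/L=Rodez" into an ordered list of [attribute, value] pairs.
# Splitting only on a "/" that is followed by "name=" keeps a "/" that
# appears inside a value intact.
sub parse_dn {
    my ($dn) = @_;
    $dn =~ s/^\s*issuer=\s*//;    # tolerate the prefix printed by openssl
    $dn =~ s/\s+$//;
    my @pairs;
    for my $part (split m{/(?=[A-Za-z][A-Za-z0-9.]*=)}, $dn) {
        next if $part eq '';      # empty field before the leading "/"
        my ($attr, $value) = split /=/, $part, 2;
        push @pairs, [$attr, $value];
    }
    return @pairs;
}

# diff_dn (hypothetical helper): compare two DNs position by position and
# return one message per component that differs or is missing on one side.
sub diff_dn {
    my ($actual, $expected) = @_;
    my @have = parse_dn($actual);
    my @want = parse_dn($expected);
    my $n = scalar(@have) > scalar(@want) ? scalar(@have) : scalar(@want);
    my @diffs;
    for my $i (0 .. $n - 1) {
        my ($ha, $hv) = $have[$i] ? @{ $have[$i] } : ('(missing)', '');
        my ($wa, $wv) = $want[$i] ? @{ $want[$i] } : ('(missing)', '');
        next if $ha eq $wa && $hv eq $wv;
        push @diffs, "component $i: certificate has $ha=$hv, configuration expects $wa=$wv";
    }
    return @diffs;
}

# Sample input: the two strings from the output shown above.
my $issuer   = '/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@stephdl.xxxx.org';
my $expected = '/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@sme9.stephdl.xxxx.org';

my @diffs = diff_dn($issuer, $expected);
if (@diffs) {
    print "$_\n" for @diffs;
} else {
    print "All components match.\n";
}
```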