Certificate:Quick check

From SME Server
Revision as of 20:31, 2 January 2015 by Stephdl

This is a quick and dirty Perl program that outputs the comparison string, so that it is easy to see why the certificate is being regenerated. It comes from http://bugs.contribs.org/show_bug.cgi?id=1602#c36

Run vim check_certificate and paste this:

#!/usr/bin/perl

require esmith::ConfigDB;
my $conf_db = esmith::ConfigDB->open;

# Build the issuer string expected from the configuration database values.
my $FQDN = $conf_db->get_prop('SystemName', 'type') . "." . $conf_db->get_prop('DomainName', 'type');
my $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
my $defaultCity = $conf_db->get_prop('ldap', 'defaultCity');
my $defaultCompany = $conf_db->get_prop('ldap', 'defaultCompany');
my $defaultDepartment = $conf_db->get_prop('ldap', 'defaultDepartment');
my $email = "admin\@$FQDN";

my $expected_issuer = '/C=--' .
    '/ST=----' .
    "/L=$defaultCity" .
    "/O=$defaultCompany" .
    "/OU=$defaultDepartment" .
    "/CN=$FQDN" .
    "/emailAddress=$email";

# Read the issuer of the installed certificate and strip the "issuer= " prefix.
my $issuer = `openssl x509 -issuer -noout -in $crt`;
chomp $issuer;
$issuer =~ s/^issuer= //;

# Print both strings on a mismatch so the differing field can be spotted.
if ($issuer eq $expected_issuer)
{
    print "Certificates match.\n";
} else {
    print "Certificates don't match.\n";
    print "$issuer\n";
    print "$expected_issuer\n";
}

Then make it executable:

chmod u+x check_certificate

To use it, run:

./check_certificate

It displays:

# ./check_certificate
Certificates don't match.
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@stephdl.xxxx.org
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@sme9.stephdl.xxxx.org
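
Added example, not part of the original wiki page or the bug report: the script above prints both full strings and leaves the reader to find the difference by eye. This Perl sketch splits the two strings from the sample run into attributes and reports only the positions that differ; the helper names parse_dn and dn_diff are made up for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Split an OpenSSL one-line DN ("/C=--/ST=----/L=...") into [key, value] pairs.
# A new attribute starts at a "/" that is followed by "name=", so a "/" inside
# a value is only misread if it happens to be followed by something like "x=".
sub parse_dn {
    my ($dn) = @_;
    $dn =~ s/^\s+|\s+$//g;
    my @pairs;
    for my $part (split m{/(?=[A-Za-z][A-Za-z0-9.]*=)}, $dn) {
        next if $part eq '';    # leading "/" yields an empty first field
        my ($key, $value) = split /=/, $part, 2;
        push @pairs, [$key, $value];
    }
    return @pairs;
}

# Compare two DNs attribute by attribute, in order, and return one
# message per position where the key or the value differs.
sub dn_diff {
    my ($actual, $expected) = @_;
    my @a = parse_dn($actual);
    my @e = parse_dn($expected);
    my $n = @a > @e ? @a : @e;
    my @diff;
    for my $i (0 .. $n - 1) {
        my $have = $a[$i] ? join('=', @{ $a[$i] }) : '(missing)';
        my $want = $e[$i] ? join('=', @{ $e[$i] }) : '(missing)';
        next if $have eq $want;
        push @diff, "attribute " . ($i + 1) . ": certificate has '$have', expected '$want'";
    }
    return @diff;
}

# The two strings printed by the sample run above (issuer first, expected second).
my $issuer   = '/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@stephdl.xxxx.org';
my $expected = '/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@sme9.stephdl.xxxx.org';

my @diff = dn_diff($issuer, $expected);
print @diff ? join("\n", @diff) . "\n" : "Certificates match.\n";
```

For the sample run, the only attribute reported is emailAddress: the certificate carries admin@ followed by the domain name, while the script builds the expected address from the full host name.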