Certificate:Quick check
From SME Server
This is a quick and dirty Perl program that prints the compare string, so that it is easy to see why the certificate is being regenerated. It comes from http://bugs.contribs.org/show_bug.cgi?id=1602#c36

Run vim check_certificate and paste this:
#!/usr/bin/perl
use strict;
use warnings;

require esmith::ConfigDB;

my $conf_db = esmith::ConfigDB->open
    or die "Could not open the configuration database\n";

# Build the FQDN and the path of the certificate that belongs to it.
my $FQDN = $conf_db->get_prop('SystemName', 'type') . "."
    . $conf_db->get_prop('DomainName', 'type');
my $crt = "/home/e-smith/ssl.crt/$FQDN.crt";

# Values that end up in the issuer fields.
my $defaultCity = $conf_db->get_prop('ldap', 'defaultCity');
my $defaultCompany = $conf_db->get_prop('ldap', 'defaultCompany');
my $defaultDepartment = $conf_db->get_prop('ldap', 'defaultDepartment');
my $email = "admin\@$FQDN";

# The issuer string this check compares the certificate against.
my $expected_issuer = '/C=--'
    . '/ST=----'
    . "/L=$defaultCity"
    . "/O=$defaultCompany"
    . "/OU=$defaultDepartment"
    . "/CN=$FQDN"
    . "/emailAddress=$email";

# The issuer actually stored in the certificate.
my $issuer = `openssl x509 -issuer -noout -in $crt`;
chomp $issuer;
$issuer =~ s/^issuer= //;

if ($issuer eq $expected_issuer) {
    print "Certificates match.\n";
} else {
    # Print the certificate's issuer first, then the expected string.
    print "Certificates don't match.\n";
    print "$issuer\n";
    print "$expected_issuer\n";
}
Then make it executable:
chmod u+x check_certificate
To use it, run:
./check_certificate
It displays:
# ./check_certificate
Certificates don't match.
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@stephdl.xxxx.org
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@sme9.stephdl.xxxx.org
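
The two long lines above are hard to compare by eye. The following added example (not part of the original script or of SME Server) splits both strings into their fields and reports only the fields that differ; the names dn_fields and dn_diff are hypothetical, and the input is the sample output shown above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not part of the original script.
# Split an OpenSSL one-line DN (/C=--/ST=----/L=City/...) into "key=value"
# fields. A "/" starts a new field only when "name=" follows it, so a "/"
# inside a value (for example in an organisation name) stays in that value.
sub dn_fields {
    my ($dn) = @_;
    $dn =~ s/^\s*issuer=\s*//;    # accept the raw "issuer= ..." line too
    return grep { length } split m{/(?=[A-Za-z0-9.]+=)}, $dn;
}

# Compare two DNs position by position; return one message per difference.
sub dn_diff {
    my ($actual, $expected) = @_;
    my @have = dn_fields($actual);
    my @want = dn_fields($expected);
    my $count = @have > @want ? @have : @want;
    my @diff;
    for my $i (0 .. $count - 1) {
        my $h = defined $have[$i] ? $have[$i] : '(missing)';
        my $w = defined $want[$i] ? $want[$i] : '(missing)';
        push @diff, sprintf("field %d: certificate has '%s', expected '%s'",
            $i + 1, $h, $w) if $h ne $w;
    }
    return @diff;
}

# The two strings from the sample output on this page (single-quoted so
# that Perl does not try to interpolate the "@" in the e-mail address).
my $issuer = '/C=--/ST=----/L=Rodez/O=Famille de Labrusse'
    . '/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org'
    . '/emailAddress=admin@stephdl.xxxx.org';
my $expected_issuer = '/C=--/ST=----/L=Rodez/O=Famille de Labrusse'
    . '/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org'
    . '/emailAddress=admin@sme9.stephdl.xxxx.org';

my @diff = dn_diff($issuer, $expected_issuer);
print @diff ? join("\n", @diff) . "\n" : "Issuer matches.\n";
```

For the sample above, the only field that differs is emailAddress.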