~nighthawk/split-certs-online

Retrieve Full Chain from target, split the certs and report on them
658eb246 — Frank Brodbeck 4 months ago
license added
2e4ee0b9 — Frank Brodbeck 4 months ago
split certificates online


clone

read-only
https://git.sr.ht/~nighthawk/split-certs-online
read/write
git@git.sr.ht:~nighthawk/split-certs-online


# What?

Retrieve the certificate chain from a server via `openssl s_client` and output each cert.

split-certs-online tries to deduce whether STARTTLS is necessary, and which protocol to use, by taking an educated guess based on the port provided.

# Why?

No more manual splitting of the output of s_client and fiddling with x509.

# How?

```
usage: split-certs-online.sh: <host:port> [prot]

	host  IP address or hostname
	port  port to connect to
	prot  starttls protocol to use with `openssl s_client'
	      can be either smtp, pop3, imap, xmpp or none

    If no protocol has been specified we use the protocol associated.
```

Example for https

```
[*] Report for sr.ht:443
[-] subject= /CN=sr.ht
    serial=0402127CC4FD2008873306946E1A0A74B2BB
    issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    notBefore=Apr 30 11:36:38 2020 GMT
    notAfter=Jul 29 11:36:38 2020 GMT
[-] subject= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    serial=0A0141420000015385736A0B85ECA708
    issuer= /O=Digital Signature Trust Co./CN=DST Root CA X3
    notBefore=Mar 17 16:40:46 2016 GMT
    notAfter=Mar 17 16:40:46 2021 GMT
[*] done.
```

Example for SMTP with STARTTLS

```
[!] using smtp for STARTTLS
[*] Report for gmail-smtp-in.l.google.com:25
[-] subject= /C=US/ST=California/L=Mountain View/O=Google LLC/CN=mx.google.com
    serial=E14181C5BE70607608000000004354F9
    issuer= /C=US/O=Google Trust Services/CN=GTS CA 1O1
    notBefore=May 26 15:28:50 2020 GMT
    notAfter=Aug 18 15:28:50 2020 GMT
[-] subject= /C=US/O=Google Trust Services/CN=GTS CA 1O1
    serial=01E3B49AA18D8AA981256950B8
    issuer= /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
    notBefore=Jun 15 00:00:42 2017 GMT
    notAfter=Dec 15 00:00:42 2021 GMT
[*] done.
```
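
The steps described under "What?" (guess the STARTTLS protocol from the port, fetch the chain with `openssl s_client`, split it, report each certificate with `openssl x509`), written out as an added example that is not the project's own script. The function names, the port-to-protocol table and the sample input are assumptions made for this example.

```shell
# Added example (not the project's code). Port table is an assumption: standard ports only.
guess_starttls() {
    case "$1" in
        25|587) echo smtp ;;
        110)    echo pop3 ;;
        143)    echo imap ;;
        5222)   echo xmpp ;;
        *)      echo none ;;   # e.g. 443: TLS from the first byte, no STARTTLS
    esac
}

# Fetch the chain the server presents ($1 = host, $2 = port); needs network access.
fetch_chain() {
    prot=$(guess_starttls "$2")
    set -- -connect "$1:$2" -servername "$1" -showcerts
    [ "$prot" = none ] || set -- "$@" -starttls "$prot"
    openssl s_client "$@" </dev/null 2>/dev/null
}

# Read s_client output on stdin, write each PEM block to $1/cert-NN.pem, print the count.
split_chain() {
    awk -v dir="$1" '
        /^-----BEGIN CERTIFICATE-----$/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n); inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----$/ { inside = 0; close(out) }
        END { print n + 0 }
    '
}

# Print the fields shown in the reports above for every split certificate in $1.
report_chain() {
    for f in "$1"/cert-*.pem; do
        [ -f "$f" ] || continue
        openssl x509 -in "$f" -noout -subject -serial -issuer -dates
    done
}

# Constructed sample of `s_client -showcerts` output; the bodies are placeholders.
sample_output() {
    cat <<'EOF'
 0 s:/CN=leaf.example
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
 1 s:/CN=Example Intermediate
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATE
-----END CERTIFICATE-----
EOF
}
```

Against a live host, `fetch_chain sr.ht 443 | split_chain "$dir"` followed by `report_chain "$dir"` prints the same fields as the reports above; the placeholder sample only exercises the splitting step.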