~nighthawk/split-certs-online

Retrieve Full Chain from target, split the certs and report on them
658eb246 — Frank Brodbeck a month ago
license added
2e4ee0b9 — Frank Brodbeck a month ago
split certificates online

clone

read-only
https://git.sr.ht/~nighthawk/split-certs-online
read/write
git@git.sr.ht:~nighthawk/split-certs-online

What?

Retrieve certificate chain from server via openssl s_client and output each cert.

split-certs-online tries to deduce whether STARTTLS is necessary and which protocol to use, making an educated guess based on the port provided.

Why?

No more manual splitting of the output of s_client and fiddling with x509.

How?

usage: split-certs-online.sh: <host:port> [prot]

	host  IP address or hostname
	port  port to connect to
	prot  starttls protocol to use with `openssl s_client'
	      can be either smtp, pop3, imap, xmpp or none

    If no protocol has been specified we use the protocol associated.

Example for HTTPS

[*] Report for sr.ht:443
[-] subject= /CN=sr.ht
    serial=0402127CC4FD2008873306946E1A0A74B2BB
    issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    notBefore=Apr 30 11:36:38 2020 GMT
    notAfter=Jul 29 11:36:38 2020 GMT
[-] subject= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    serial=0A0141420000015385736A0B85ECA708
    issuer= /O=Digital Signature Trust Co./CN=DST Root CA X3
    notBefore=Mar 17 16:40:46 2016 GMT
    notAfter=Mar 17 16:40:46 2021 GMT
[*] done.

Example for SMTP with STARTTLS

[!] using smtp for STARTTLS
[*] Report for gmail-smtp-in.l.google.com:25
[-] subject= /C=US/ST=California/L=Mountain View/O=Google LLC/CN=mx.google.com
    serial=E14181C5BE70607608000000004354F9
    issuer= /C=US/O=Google Trust Services/CN=GTS CA 1O1
    notBefore=May 26 15:28:50 2020 GMT
    notAfter=Aug 18 15:28:50 2020 GMT
[-] subject= /C=US/O=Google Trust Services/CN=GTS CA 1O1
    serial=01E3B49AA18D8AA981256950B8
    issuer= /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
    notBefore=Jun 15 00:00:42 2017 GMT
    notAfter=Dec 15 00:00:42 2021 GMT
[*] done.
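
The splitting and port-guessing steps described under "What?", as an added sketch that is not the project's own code. The port table, the function names and the sample input are assumptions made for illustration; only the protocol names smtp, pop3, imap, xmpp and none come from the usage text.

```shell
#!/bin/sh
# Added example; the port table and all function names are assumptions.
guess_starttls() {  # port -> s_client -starttls protocol, "none" = direct TLS
    case "$1" in
        25|587) echo smtp ;; 110) echo pop3 ;; 143) echo imap ;;
        5222) echo xmpp ;; *) echo none ;;
    esac
}
# Write each PEM certificate on stdin to $1/cert-NN.pem and print the count.
split_pem() {
    awk -v dir="$1" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n); keep = 1 }
        keep { print > out }
        /^-----END CERTIFICATE-----/ { keep = 0; close(out) }
        END { print n + 0 }'
}
# Constructed stand-in for s_client -showcerts output; bodies are placeholders.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
 0 s:CN = leaf.example
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAFBODY
-----END CERTIFICATE-----
 1 s:CN = Constructed Intermediate CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATEBODY
-----END CERTIFICATE-----
EOF
}
# Fetch the presented chain and print the per-certificate report fields.
report_chain() {  # usage: report_chain host:port [prot]
    target=$1
    prot=${2:-$(guess_starttls "${target##*:}")}
    tmp=$(mktemp -d) || return 1
    set -- -connect "$target" -showcerts
    [ "$prot" = none ] || set -- "$@" -starttls "$prot"
    echo "[*] Report for $target"
    openssl s_client "$@" </dev/null 2>/dev/null | split_pem "$tmp" >/dev/null
    for pem in "$tmp"/cert-*.pem; do
        [ -e "$pem" ] || { echo "[!] no certificates received"; break; }
        openssl x509 -in "$pem" -noout -subject -serial -issuer -dates
    done
    rm -rf "$tmp"
}
[ $# -eq 0 ] || report_chain "$@"
```

`-showcerts` prints the certificates exactly as the server sent them, without verifying the chain, so the report describes what was presented rather than what a client would trust.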