Lazy checking website’s SSL certs

Thursday, 05. 11. 2006  –  Category: all, stash

I wanted to avoid RSI checking the browser’s padlock on every site I’d just updated an SSL cert for:

[lemon@core ~ ] 0 $ for z in 4 5 6 7 8 9 10 11 12 ; do echo 'GET /' | openssl s_client -connect devgateway${z}.foo.co.uk:443 2>&1 | openssl x509 -text | grep -i 'Not Before' ; done
            Not Before: May  9 11:24:00 2006 GMT
            Not Before: May  9 11:54:05 2006 GMT
            Not Before: May  9 11:54:05 2006 GMT
            Not Before: May  9 11:24:00 2006 GMT
            Not Before: May  9 11:24:01 2006 GMT
            Not Before: May  9 11:24:01 2006 GMT
            Not Before: May  9 11:54:06 2006 GMT
            Not Before: May  9 11:24:01 2006 GMT
            Not Before: May  9 11:24:01 2006 GMT

Ugly, but it works. The s_client(1) man page contains this apology:

BUGS
       Because this program has a lot of options and also because some of the
       techniques used are rather old, the C source of s_client is rather hard
       to read and not a model of how things should be done. A typical SSL
       client program would be much simpler.
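
The loop above prints dates without host names, so matching a date back to a host means counting lines. An added example (not the post's own code) that labels each host and compares the certificate's start date with the day the new cert was issued; the function names and the "Mon D YYYY" argument format are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the post's own code. Function names and the
# "Mon D YYYY" argument format are assumptions made for this example.

# Print the notBefore value of the certificate HOST serves, e.g.
# "May  9 11:24:00 2006 GMT". Fails when no certificate comes back.
cert_start() {
    host=$1 port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -startdate 2>/dev/null |
        sed -n 's/^notBefore=//p' | grep .
}

# Reduce "May  9 11:24:00 2006 GMT" to "May 9 2006". Word splitting
# also collapses the padding openssl puts before single-digit days.
cert_day() {
    set -- $1
    echo "$1 $2 $4"
}

# started_on "<notBefore>" "<Mon D YYYY>": true if the cert starts that day.
started_on() {
    exp_day=$(set -- $2; echo "$1 $2 $3")
    [ "$(cert_day "$1")" = "$exp_day" ]
}

# check_hosts "<Mon D YYYY>" host...: one labelled line per host, and a
# non-zero status if any host is unreachable or its cert starts another day.
check_hosts() {
    want=$1; shift; rc=0
    for h in "$@"; do
        if ! nb=$(cert_start "$h"); then
            echo "$h UNREACHABLE"; rc=1
        elif started_on "$nb" "$want"; then
            echo "$h OK $nb"
        else
            echo "$h MISMATCH $nb"; rc=1
        fi
    done
    return $rc
}

# Runs only when arguments are given (script file name is arbitrary):
#   sh certcheck.sh "May 9 2006" host1 host2
if [ "$#" -gt 0 ]; then check_hosts "$@"; fi
```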
