Tuesday, 1 June 2021

Inspecting certificates using OpenSSL and a variant of grep

In the context of: -

Building Kubernetes on Linux on IBM Z - it's a matter of trust ...

today I learned (TIL) that one could use egrep to examine x509 certificates: -

echo | openssl s_client -connect storage.googleapis.com:443 | egrep "^subject=|^issuer="

depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.storage.googleapis.com
verify return:1
DONE
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.storage.googleapis.com
issuer=/C=US/O=Google Trust Services/CN=GTS CA 1O1

which is good to know 😁

No comments:

Yay, VMware Fusion and macOS Big Sur - no longer "NAT good friends" - forgive the double negative and the terrible pun ...

After macOS 11 Big Sur was released in 2020, VMware updated their Fusion product to v12 and, sadly, managed to break Network Address Trans...