Tuesday, 1 June 2021

Inspecting certificates using OpenSSL and a variant of grep

In the context of: -

Building Kubernetes on Linux on IBM Z - it's a matter of trust ...

today I learned (TIL) that one could use egrep to examine x509 certificates: -

echo | openssl s_client -connect storage.googleapis.com:443 | egrep "^subject=|^issuer="

depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.storage.googleapis.com
verify return:1
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.storage.googleapis.com
issuer=/C=US/O=Google Trust Services/CN=GTS CA 1O1

which is good to know 😁

No comments:

TIL - read-only variables in Linux

 A co-worker was seeing an exception: -  line 8: TMOUT: readonly variable when trying to SCP a file from a remote Linux box. I did some digg...