检查 SSL 证书的到期日期
我编写了一个脚本来查找目录中 SSL 证书的到期日期。
shopt -s nullglob
for f in *.0 *.pem *.key *.crt; do
echo "## CERTIFICATE NAME -> $f ##"
openssl x509 -noout -in $f -issuer -subject -dates
echo ""
done
这方面有什么改进吗?
I wrote a script to find the expiry dates of SSL cert in a directory.
shopt -s nullglob
for f in *.0 *.pem *.key *.crt; do
echo "## CERTIFICATE NAME -> $f ##"
openssl x509 -noout -in $f -issuer -subject -dates
echo ""
done
Are there any improvements on this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
请检查cmd以获取预期的答案:
openssl x509 -noout -text -in abc.cer | grep 不是描述:使用您的
.cer或crt证书名称Please check cmd to get Expected ans :
openssl x509 -noout -text -in abc.cer | grep NotDescription : Use your
.cerorcrtcertificate name您不应该考虑 .key 文件 - 私钥没有任何到期日期。另外,根据您的约定,.crt 文件可能是 PKCS12 文件,在这种情况下,您必须先解压它们。
不知道为什么 .0 文件会出现 - 如果它们是符号链接,您确实应该只查看指向的文件。如果是这样,选择文件的标准实际上应该是查看所有链接,而不是所有 .0 文件(因为也可能有 .1 文件)。
You shouldn't consider .key files - private keys don't have any expiry dates. Also, depending on your convention, .crt files might be PKCS12 files, in which case you would have to unpack them first.
Not sure why .0 files show up - if they are symlinks, you really should be looking only at the files pointed to. If so, the criterion for selecting files really should be to look at all links, not all .0 files (since there may also be .1 files).