@caiguanhao
Last active August 29, 2015 14:08
Handy openssl commands to make (self-signed) certificates

Get list of subject alternative names of a domain

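lssan () {
  # Print the subject alternative names of the certificate served on <DOMAIN>:443.
  if [[ $# -ne 1 ]]; then
    echo 'Usage: lssan <DOMAIN>' >&2
    return 1
  fi
  # -servername sends SNI so the server returns the certificate for that name.
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null | \
  openssl x509 -text -noout | grep -A 1 'X509v3 Subject Alternative Name' | \
  tail -1 | tr ',' '\n' | awk -F: '{print $2}'
}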
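
In lssan, `awk -F: '{print $2}'` keeps only the text between the first and second colon of each entry, so an IPv6 or URI entry is cut short and the entry type is dropped. The following is an added example, not part of the original gist: it parses `openssl x509 -text -noout` output from stdin and keeps type and full value. The names `san_entries` and `sample_x509_text` are hypothetical, and the sample text is constructed.

```bash
# Added example: read `openssl x509 -text -noout` output on stdin and print one
# "TYPE<TAB>VALUE" line per Subject Alternative Name entry.
# Limitation: entries whose value itself contains ", " (e.g. DirName) are not handled.
san_entries () {
  awk '
    # The SAN values are on the line that follows the extension header.
    /X509v3 Subject Alternative Name/ { want = 1; next }
    want {
      n = split($0, items, /, */)
      for (i = 1; i <= n; i++) {
        item = items[i]
        sub(/^[ \t]+/, "", item)          # strip the indentation
        p = index(item, ":")              # split on the FIRST colon only
        if (p > 0) print substr(item, 1, p - 1) "\t" substr(item, p + 1)
      }
      exit
    }'
}

# Constructed sample of the extensions part of `openssl x509 -text -noout` output.
sample_x509_text () {
  cat <<'EOF'
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:example.test, DNS:*.example.test, IP Address:192.0.2.10, IP Address:2001:DB8:0:0:0:0:0:1, URI:https://example.test/id
            X509v3 Basic Constraints: critical
                CA:FALSE
EOF
}

sample_x509_text | san_entries
```

For a live host, pipe `openssl s_client ... | openssl x509 -text -noout` into `san_entries` in place of the sample.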

Mac only:

List, trust, and distrust certs. You can also use Keychain Access.app.

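ls-cert () {
  # List the labels of the certificates in the System keychain.
  # The awk step drops the leading `    "labl"<blob>="` (18 characters) and
  # the closing quote; substr() starts at 1 so it behaves the same in every awk.
  sudo security dump-keychain /Library/Keychains/System.keychain | \
  grep -A 10 'class: 0x80001000' | grep labl | \
  awk '{e=substr($0, 19);print substr(e, 1, length(e)-1)}'
}
trust-cert () {
  # Add <CERT-FILE> to the System keychain as a trusted root (admin domain).
  if [[ $# -ne 1 ]]; then
    echo 'Usage: trust-cert <CERT-FILE>' >&2
    return 1
  fi
  sudo security add-trusted-cert -d -r trustRoot -k \
    /Library/Keychains/System.keychain "$1"
}
distrust-cert () {
  # Delete every certificate whose common name matches <NAME>, by SHA-1 hash.
  if [[ $# -ne 1 ]]; then
    echo 'Usage: distrust-cert <NAME>' >&2
    return 1
  fi
  for hash in $(sudo security find-certificate -c "$1" -a -Z |
    grep '^SHA-1 hash' | awk '{print $3}' | sort -u); do
    sudo security delete-certificate -Z "$hash"
  done
}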