Commandlets/snippets for https://github.com/acritelli/rucksack.
Check remote certificate information, including issuer, subject, SAN DNS entries and validity dates.
- requires openssl (tested with OpenSSL 1.1.1l FIPS 24 Aug 2021)
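# check-ssl-info: connect to <server_name>:443 with SNI set to the same name
# and print the Issuer, Subject, SAN DNS entries and notBefore/notAfter dates
# of the certificate the server presents.
#
# Security notes:
# - This reports what the server sent, not whether it is trusted. s_client
#   continues the handshake when chain verification fails unless
#   -verify_return_error is given, it does not match the hostname unless
#   -verify_hostname is given, and its stderr is discarded here. An untrusted
#   or hostname-mismatched certificate is therefore summarised exactly like
#   a valid one.
# - {{ server_name }} is substituted into the shell command text unquoted.
#   Pass a bare hostname only, never a value taken from an untrusted source.
#   NOTE(review): `values` looks like a suggestion list rather than an
#   allow-list; confirm against the rucksack documentation.
# NOTE(review): nesting below is reconstructed; check it against the rucksack
# config schema.
check-ssl-info:
  command: 'echo | openssl s_client -no_ign_eof -servername {{ server_name }} -connect {{ server_name }}:443 2>/dev/null | openssl x509 -noout -text -dates| grep -e Issuer: -e notBefore -e notAfter -e Subject: -e DNS: | sed "s/^ *//g; s/ DNS:/ /g; s/DNS:/DNS: /; s/\(not.*\)=/\1: /"'
  args:
    - server_name:
        mandatory: true
        default: github.com
        values:
          - google.com
          - redhat.com
          - ubuntu.com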
output:
localhost> check-ssl-info server_name redhat.com
Attempting to run echo | openssl s_client -no_ign_eof -servername redhat.com -connect redhat.com:443 2>/dev/null | openssl x509 -noout -text -dates| grep -e Issuer: -e notBefore -e notAfter -e Subject: -e DNS: | sed "s/^ *//g; s/ DNS:/ /g; s/DNS:/DNS: /; s/\(not.*\)=/\1: /"
Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
Subject: C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", CN = *.redhat.com
DNS: *.redhat.com, redhat.com
notBefore: Jul 21 00:00:00 2021 GMT
notAfter: Aug 19 23:59:59 2022 GMT