Certificate:Quick check

From SME Server

This is a quick and dirty Perl program that prints the two strings being compared, so that it is easy to see why the certificate is being regenerated. It comes from http://bugs.contribs.org/show_bug.cgi?id=1602#c36. Run vim check_certificate and paste this:

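#!/usr/bin/perl
 
 use strict;
 use warnings;
 
 require esmith::ConfigDB;
 my $conf_db = esmith::ConfigDB->open or die "Unable to open the configuration database\n";
 
 # Build the FQDN and the path of the certificate generated for it.
 my $FQDN = $conf_db->get_prop('SystemName', 'type') . "." . $conf_db->get_prop('DomainName', 'type');
 my $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
 my $defaultCity = $conf_db->get_prop('ldap', 'defaultCity');
 my $defaultCompany = $conf_db->get_prop('ldap', 'defaultCompany');
 my $defaultDepartment = $conf_db->get_prop('ldap', 'defaultDepartment');
 my $email = "admin\@$FQDN";
 
 # Issuer string expected from the current configuration values.
 my $expected_issuer = '/C=--' .
                       '/ST=----' .
                       "/L=$defaultCity" .
                       "/O=$defaultCompany" .
                       "/OU=$defaultDepartment" .
                       "/CN=$FQDN" .
                       "/emailAddress=$email";
 
 # Read the issuer from the certificate. The list form of open runs openssl
 # without a shell, so nothing in $crt is interpreted as shell syntax.
 open(my $openssl, '-|', 'openssl', 'x509', '-issuer', '-noout', '-in', $crt)
     or die "Cannot run openssl: $!\n";
 my $issuer = <$openssl>;
 close($openssl);
 die "Could not read the issuer from $crt\n" unless defined $issuer;
 chomp $issuer;
 # Strip the "issuer= " prefix that openssl prints before the name.
 $issuer =~ s/^issuer= //;
 if ($issuer eq $expected_issuer)
 {
     print "Certificates match.\n";
 } else {
     # Print the certificate's issuer first, then the expected one.
     print "Certificates don't match.\n";
     print "$issuer\n";
     print "$expected_issuer\n";
 }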

Then make it executable:

chmod u+x check_certificate

To use it, run:

./check_certificate

It displays:

# ./check_certificate
Certificates don't match.
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@stephdl.xxxx.org
/C=--/ST=----/L=Rodez/O=Famille de Labrusse/OU=Branche de didier de Labrusse/CN=sme9.stephdl.xxxx.org/emailAddress=admin@sme9.stephdl.xxxx.org
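
In the output above the first line is the issuer read from the certificate and the second is the expected one, and the difference has to be found by eye. The following is an added example, not part of the original script or the bug report: a hypothetical helper, diff_dn, that splits both strings into fields and reports only the ones that differ. The two sample strings are constructed; in the script it could be called with $issuer and $expected_issuer in the else branch.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Split a one-line name such as "/C=--/ST=----/L=Town" into [field, value]
# pairs. Only a "/" that is followed by "name=" is treated as a separator,
# so a "/" inside a value (a company name, for instance) stays in the value.
sub parse_dn {
    my ($dn) = @_;
    $dn =~ s{^/}{};
    return map {
        my ($field, $value) = split /=/, $_, 2;
        [ $field, defined $value ? $value : '' ]
    } split m{/(?=[A-Za-z0-9.]+=)}, $dn;
}

# Compare two names position by position and return one report line for
# every field that is missing on one side or has a different value.
sub diff_dn {
    my ($actual, $expected) = @_;
    my @got  = parse_dn($actual);
    my @want = parse_dn($expected);
    my $count = @got > @want ? @got : @want;
    my @report;
    for my $i (0 .. $count - 1) {
        my ($gf, $gv) = $got[$i]  ? @{ $got[$i] }  : ('(missing)', '');
        my ($wf, $wv) = $want[$i] ? @{ $want[$i] } : ('(missing)', '');
        next if $gf eq $wf && $gv eq $wv;
        push @report, "certificate $gf='$gv' / expected $wf='$wv'";
    }
    return @report;
}

# Constructed sample values (not taken from a real server).
my $issuer   = '/C=--/ST=----/L=Town/O=Example Co/OU=IT'
             . '/CN=server.example.org/emailAddress=admin@example.org';
my $expected = '/C=--/ST=----/L=Town/O=Example Co/OU=IT'
             . '/CN=server.example.org/emailAddress=admin@server.example.org';

print "$_\n" for diff_dn($issuer, $expected);
```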