Patrick Heim wrote:
> Does anyone know of a tool or a way to script OpenSSL to:
> 
> 1.  Connect to an SSL enabled server
> 2.  Retrieve the server certificate
> 3.  Parse it for the certificate expiration date

Well, you can use "openssl s_client" to connect
to the server:

openssl s_client -connect www.servername.de:port -showcerts

From the output you can extract the server certificate
(choosing the certificate which has the according
common name (s:/C=[whatever]/CN=www.servername.de)).

This certificate you can put into a file and run
openssl x509 on it:

openssl x509 -noout -in bbbb.pem -enddate

The output is like this:

notAfter=Sep 24 09:35:00 2004 GMT

That's what you want, I guess...

So a little bit of perl calling openssl twice (once with
s_client, once with x509) and parsing the output should
be sufficient.

Cheers,

  Olaf


-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Consultant,                              Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [EMAIL PROTECTED]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
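
The two openssl calls described in the reply above, chained in a shell script instead of perl. This is an added example, not code from the original mail; the function names, the 30-day warning threshold, the -servername (SNI) option and the use of GNU date -d are assumptions of the example.

```shell
#!/bin/sh
# Added example: certificate expiry check built on s_client + x509 -enddate.

# leaf_cert: read `openssl s_client -showcerts` output on stdin and print
# only the first PEM block. The server's own certificate is printed first,
# followed by any intermediates it sent.
leaf_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         p && /-----END CERTIFICATE-----/ { exit }'
}

# enddate_value: strip the "notAfter=" prefix from `openssl x509 -enddate`.
enddate_value() {
    sed -n 's/^notAfter=//p'
}

# days_left NOTAFTER [NOW_EPOCH]: whole days from NOW_EPOCH (default: now)
# until NOTAFTER; negative once expired. Assumes GNU date for -d parsing.
days_left() {
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (end - now) / 86400 ))
}

# check_host HOST PORT [WARN_DAYS]: exit 0 if the certificate is valid for
# at least WARN_DAYS more days, 1 if not, 2 if nothing could be retrieved.
check_host() {
    host=$1 port=$2 warn=${3:-30}
    # </dev/null makes s_client exit after the handshake instead of waiting.
    not_after=$(openssl s_client -connect "$host:$port" -servername "$host" \
                    -showcerts </dev/null 2>/dev/null |
                leaf_cert | openssl x509 -noout -enddate 2>/dev/null |
                enddate_value)
    [ -n "$not_after" ] || {
        echo "$host:$port: no certificate retrieved" >&2
        return 2
    }
    left=$(days_left "$not_after") || return 2
    echo "$host:$port notAfter=$not_after days_left=$left"
    [ "$left" -ge "$warn" ]
}

# Run only when called with arguments, e.g.: ./certexpiry.sh HOST PORT [DAYS]
if [ "$#" -ge 2 ]; then
    check_host "$@"
fi
```

The exit status makes the script usable from cron or a monitoring check: non-zero means the certificate expires within the threshold or could not be fetched.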
