Re: Know Extended Key Usage

Wed, 08 Oct 2014 05:48:27 -0700 

I think you can safely omit the middle openssl command.

On 08/10/2014 09:28, Akash Jain wrote:

Thanks Lewis !

I also used -
openssl s_client -showcerts -connect google.com:443 <http://google.com:443> < /dev/null | openssl x509 -outform PEM | openssl x509 -noout -text | grep -A1 "X509v3 Extended Key Usage"
On Tue, Oct 7, 2014 at 11:40 PM, Lewis Rosenthal <lgrosent...@2rosenthals.com <mailto:lgrosent...@2rosenthals.com>> wrote: 

    Hi, Akash...

    On 10/08/2014 01:40 AM, Akash Jain wrote:

        HI,

        How can I know the "Extended Key Usage" parameters of a remote
        SSL enabled site using OpenSSL ?

    Does this help:

    https://www.madboa.com/geek/openssl/#cert-retrieve

    You could modify the one script there to something like:

    #!/bin/sh
    #
    for CERT in \
      www.somesite.tld:443
    do
      echo |\
      openssl s_client -connect ${CERT} 2>/dev/null |\
      sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |\
      openssl x509 -noout -text
    done

    and filter the output of the -text param.

    It's interesting that I can't seem to hit on a specific option to
    dump just the extended key usage data.

    Actually, as I was drafting this, I thought that perl might be a
    more elegant way to go. Perhaps have a look at:

    
http://cpansearch.perl.org/src/MIKEM/Net-SSLeay-1.47/examples/x509_cert_details.pl

    Anyone else have a suggestion?

    Cheers
-- Lewis 
    -------------------------------------------------------------
    Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
    Rosenthal & Rosenthal, LLC www.2rosenthals.com
    <http://www.2rosenthals.com>
    visit my IT blog www.2rosenthals.net/wordpress
    <http://www.2rosenthals.net/wordpress>
    IRS Circular 230 Disclosure applies   see www.2rosenthals.com
    <http://www.2rosenthals.com>
    -------------------------------------------------------------
-- This email was Anti Virus checked by Astaro Security Gateway. 
    http://www.astaro.com
    ______________________________________________________________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    <mailto:openssl-users@openssl.org>
    Automated List Manager majord...@openssl.org
    <mailto:majord...@openssl.org>





Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to