Page tree

Get/Copy the host certificate

for a proxy cert or so copy it

export FOOCERT=/foo/dir/cert.pem

or read it from a server

openssl s_client -showcerts -connect www.desy.de:443 </dev/null > /foo/dir/cert.pem

checking proxy/certificate chain

Dissect a voms proxy to analyse the certificate chain

tmpdir="/tmp/x509_cert_tmp"
mkdir $tmpdir
awk "{print > \"$tmpdir/cert\" (1+n) \".pem\"} /-----END CERTIFICATE-----/ {n++}" "${FOOCERT}"
for CERT in $tmpdir/*; do openssl x509 -in $CERT -noout -text; done
 watch out for: sign/hash algorithm (is SHA-1 used/still supported), are all intermediate certs supported as in /etc/grid-security/certificates?
  • No labels