Openssl output hanging when getting -enddate

Time: 2015-11-30 20:58:53

Tags: linux bash shell ssl openssl

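I have been writing a script to get some certificate details, and when I try to parse EndDate="openssl s_client -connect $host:$port 2>/dev/null | openssl x509 -enddate -noout | grep "Not After" | awk '{print $4, $5, $7}'" the script now just hangs, although I have already sorted out the formatting.

Here is the complete script I am currently working on, for reference. Most of it is hacked together, as I have only just started scripting.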

# User input for the host or url of the certificate to check 
echo "What host IP or URL certificate would you like to check: "
    read host
# User input for the port number of the certificate to check
echo "What is the port number for the host's IP or URL: "
    read port
# Input Verification post
echo "Host connection information = $host:$port"
# openssl expiration date checks for the week
echo "::Certificate expiration date::"
EndDate=`openssl s_client -connect $host:$port 2>/dev/null | openssl x509 -enddate -noout | grep "Not After" | awk '{print $4, $5, $7}'`
DatePlus7=`date -ud "+7 day" | awk '{print $2, $3, $6}'`
if [ "$EndDate" = "$DatePlus7" ]
then
        echo "Certificate has expired or will do so within 7 days!"
        echo "(or is invalid/not found)"
else
        echo "Certificate is good for another week!"
fi

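Ultimately, I would like to be able to output echo | openssl s_client -connect $host:$port 2>/dev/null | openssl x509 -enddate -noout for the administrator, shown after the fi statement. Can anyone help me solve this?

2 answers:

Answer 0: (score: 3)

It is easier to start small and build up than to start big and debug.

Here is a simpler way to reproduce your problem, which also just hangs: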

openssl s_client -connect google.com:443

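Now that the problem is this simple and narrow, googling "why does openssl s_client hang?" leads to useful information suggesting echo -n | ... to "give a response to the server so that the connection is released". That should be enough to get further (there are other problems).

Anyway, here is a shorter way: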

if openssl s_client -connect google.com:443 2> /dev/null < /dev/null |
    openssl x509 -checkend $((60*60*24*7)) -noout -in /dev/stdin
then
  echo "The certificate is good."
else
  echo "The certificate expires within a week."
fi

Answer 1: (score: 0)

This will print the expiration date without hanging:

openssl s_client -connect google.com:443 2> /dev/null < /dev/null | openssl x509 -enddate -noout -in /dev/stdin
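
An added example, not code from the question or either answer: it combines the `< /dev/null` fix with a check that reports a failed connection separately from an expiring certificate, which the pipelines above cannot tell apart. The function names are hypothetical, and GNU `date -d` is assumed for parsing the `notAfter=` value.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU date (-d).

# Print the "notAfter=..." line for host:port. stdin comes from /dev/null so
# s_client reads EOF and closes the connection instead of waiting for input,
# which is what made the original script hang.
fetch_enddate() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate 2>/dev/null
}

# Classify one "notAfter=..." line against a warning window given in days.
# Returns 0 = valid beyond the window, 1 = expired or expiring inside it,
# 2 = no certificate was retrieved or its date could not be parsed.
# An optional third argument overrides "now" (epoch seconds) for testing.
classify_enddate() {
    line=$1 days=$2 now=${3:-$(date -u +%s)}
    case $line in
        notAfter=*) ;;
        *) echo "UNKNOWN: no certificate retrieved"; return 2 ;;
    esac
    end=$(date -u -d "${line#notAfter=}" +%s 2>/dev/null) || {
        echo "UNKNOWN: cannot parse date"; return 2; }
    left=$(( (end - now) / 86400 ))
    if [ "$end" -le "$now" ]; then
        echo "EXPIRED: ${line#notAfter=}"; return 1
    elif [ "$end" -le $(( now + days * 86400 )) ]; then
        echo "WARNING: expires in $left day(s)"; return 1
    fi
    echo "OK: $left day(s) left"; return 0
}

# check_host HOST PORT [DAYS]: fetch and classify, default window 7 days.
check_host() {
    classify_enddate "$(fetch_enddate "$1" "$2")" "${3:-7}"
}

# Run only when called with arguments, e.g.: sh certcheck.sh HOST 443 7
if [ $# -ge 2 ]; then
    check_host "$@"
fi
```
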