shell script that uses the openssl command to retrieve the certificate of an external site through a proxy

 

#!/bin/bash


# Set the proxy server details

PROXY_HOST="proxy.example.com"

PROXY_PORT="8080"

PROXY_USER="proxy_username"

PROXY_PASS="proxy_password"


# Set the URL of the site to retrieve the certificate for

SITE_URL="www.example.com"


# Set the path to the output file for the certificate

CERT_FILE="example.com.crt"


# Set the OpenSSL configuration file for the proxy

PROXY_CONFIG=$(cat << EOF

[proxy]

http_proxy = http://$PROXY_USER:$PROXY_PASS@$PROXY_HOST:$PROXY_PORT

https_proxy = https://$PROXY_USER:$PROXY_PASS@$PROXY_HOST:$PROXY_PORT

EOF

)


# Create a temporary OpenSSL configuration file for the proxy

echo "$PROXY_CONFIG" > proxy.conf


# Use the OpenSSL command to retrieve the certificate for the site through the proxy

openssl s_client -connect $SITE_URL -servername $SITE_URL -proxy $PROXY_HOST:$PROXY_PORT -proxy_type http -showcerts </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $CERT_FILE


# Remove the temporary OpenSSL configuration file for the proxy

rm proxy.conf


# Print a message indicating the location of the output file

echo "Certificate saved to $CERT_FILE"




Replace "proxy.example.com" with the hostname or IP address of your proxy server, "8080" with the port number of your proxy server, "proxy_username" and "proxy_password" with your proxy authentication credentials, and "www.example.com" with the hostname of the site you want to retrieve the certificate for.


The script uses the openssl command to connect to the site through the proxy and retrieve the certificate, then saves it to the file specified by the "CERT_FILE" variable.


The script also creates a temporary OpenSSL configuration file for the proxy, which specifies the proxy server details and is passed to the openssl command using the "-proxy" option. After the command has run, the temporary file is removed.


To run the script, save it as a file with a .sh extension (e.g. get-cert-from-proxy.sh), make it executable with the command "chmod +x get-cert-from-proxy.sh", then run it with the command "./get-cert-from-proxy.sh".





Comments

Post a Comment

Popular posts from this blog

Shell script to find out aliases and their expiration in cacerts

  #!/bin/bash # Set the path to the Java installation directory JAVA_HOME="/opt/java" # Set the password for the keystore KEYSTORE_PASS="keystore_password" # List all aliases in the keystore ALIASES=$(keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass $KEYSTORE_PASS | grep "Alias name:" | awk '{print $3}') # Loop through the aliases and get the expiration date for each certificate for ALIAS in $ALIASES; do     # Get the expiration date in human-readable format     EXP_DATE=$(keytool -list -v -alias $ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass $KEYSTORE_PASS | grep "Valid from" | awk '{print $3 " " $4 " " $7 " " $6}')     # Print the alias name and expiration date     echo "Alias Name: $ALIAS"     echo "Expiration Date: $EXP_DATE"     echo "" done Replace "/path/to/java" with the path to your Java installation directory, ...
Read more

shell script to scp multiple file to multiple destinations

  #!/bin/bash # Prompt the user for the name of the file to transfer using printf and read commands printf "Enter the name of the file to transfer: " read filename # Prompt the user for the IP addresses to transfer the files to using printf and read commands printf "Enter the IP addresses to transfer the file(s) to (separated by spaces): " read -a ips # Define the username to use for the SCP transfer username="user" # Loop through the array of IP addresses and transfer the file to each one for ip in "${ips[@]}" do     # Use printf to display a message before transferring each file     printf "Transferring %s to %s...\n" "$filename" "$ip"         # Use scp to transfer the file to the current IP address     scp "$filename" "${username}@${ip}:~/" done # Use printf to display a summary message when the transfers are complete printf "Transferred %s to %d IP addresses.\n" "$filename"...
Read more

How to resolve port conflict in websphere

 To resolve port conflicts in WebSphere Application Server on Linux, you can follow the below steps: Determine the port that is in conflict: a. Login in server b. Run the command: ./netstat -an | grep <port> where <port> is the port number that is in conflict. Identify the process that is using the port: a. Run the command: ps -ef | grep <PID> where <PID> is the Process ID (PID) of the process that is using the port. Stop the process that is using the port: a. Use the kill command to stop the process: kill -9 <PID> where <PID> is the Process ID of the process that is using the port. b. Change port in serverindex.xml file if required  c.Stop node and sync with dmgr then start node Restart the WebSphere Application Server: a. Go to the WebSphere installation directory: cd /opt/IBM/WebSphere/AppServer/bin b. Run the command: ./stopServer.sh <server_name> where <server_name> is the name of the server that you modified the port number...
Read more