testing SSL-certs of vHosts

Mo, 2010-12-06 14:55 -- mig

We use SSL vHosts¹ a lot on our server. All certs are signed by CAcert² with a validity of 2 years. That is not very long, so the certs have to be checked frequently.

So how to do that?

vhost=hg.xilab.net ; \
echo QUIT | gnutls-cli "$vhost" --print-cert \
| grep "CN=$vhost"

The command gnutls-cli --print-cert connects to the host via SNI and prints the whole certificate chain. In this case the "expires" line of the host cert is our target. Voilà.
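To turn the one-liner above into a recurring check, the expiry date can be parsed from that line and compared against a warning threshold. This is an added example, not part of the original post; the function names, the 30-day threshold and the sample line are assumptions, and it expects the one-line gnutls-cli output format with an expires `...' field.

```bash
#!/bin/bash
# Added example (not from the original post). Assumes GNU or busybox `date -d`
# and the one-line gnutls-cli format: ... expires `YYYY-MM-DD HH:MM:SS UTC', ...

# Constructed sample of the line selected by grep "CN=$vhost" (not real output).
SAMPLE_LINE=" - subject \`CN=vhost.example', issuer \`CN=Example CA', activated \`2010-12-06 13:55:00 UTC', expires \`2012-12-05 13:55:00 UTC', SHA-1 fingerprint \`00'"

# Extract the expiry timestamp from gnutls-cli lines read on stdin.
cert_expiry() {
    sed -n "s/.*expires \`\([^']*\)'.*/\1/p" | head -n 1
}

# Seconds from "now" ($2, epoch seconds) until the expiry string ($1, UTC).
secs_left() {
    local exp_epoch
    exp_epoch=$(date -u -d "${1% UTC}" +%s 2>/dev/null) || return 2
    echo $(( exp_epoch - $2 ))
}

# Classify one cert line; prints "OK n", "WARN n", "EXPIRED" or "UNKNOWN".
# $1 = cert line, $2 = now (epoch seconds), $3 = warning threshold in days
check_line() {
    local expiry secs
    expiry=$(printf '%s\n' "$1" | cert_expiry)
    [ -n "$expiry" ] || { echo "UNKNOWN"; return 2; }
    secs=$(secs_left "$expiry" "$2") || { echo "UNKNOWN"; return 2; }
    if [ "$secs" -lt 0 ]; then echo "EXPIRED"
    elif [ "$secs" -lt $(( $3 * 86400 )) ]; then echo "WARN $(( secs / 86400 ))"
    else echo "OK $(( secs / 86400 ))"
    fi
}

# Live check of the vHosts given as arguments (needs network and gnutls-cli).
check_vhosts() {
    local vhost line now
    now=$(date -u +%s)
    for vhost in "$@"; do
        # -F: treat the dots in the host name literally; the host cert comes first
        line=$(echo QUIT | gnutls-cli "$vhost" --print-cert 2>/dev/null \
            | grep -F "CN=$vhost" | head -n 1)
        echo "$vhost: $(check_line "$line" "$now" 30)"
    done
}

# Only contact hosts when called with arguments, e.g.: ./certcheck.sh hg.xilab.net
if [ "$#" -gt 0 ]; then check_vhosts "$@"; fi
```

A host whose line cannot be fetched or parsed is reported as UNKNOWN rather than silently skipped, so an unreachable vHost still shows up in the output.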

  1. The technique is called SNI (Server Name Indication).

  2. CAcert is a web-of-trust Certificate Authority.