Security/Server Side TLS: Difference between revisions

Jump to navigation Jump to search

Security/Server Side TLS (view source)

Revision as of 13:46, 4 March 2015

708 bytes removed ,  4 March 2015
m
Undo revision 1059654 - This script should be proposed on the Talk page and not published directly
(→‎OCSP Stapling support: Adds script for automatic OCSP in HAProxy)
m (Undo revision 1059654 - This script should be proposed on the Talk page and not published directly)
Line 375: Line 375:
OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
</pre>
</pre>
This little script can come handy:
<pre>
#!/bin/bash -eux
PEM_FILE=${1}
CRT_FILE=/tmp/`basename ${PEM_FILE} | sed 's/pem/crt/'`
DIR=`dirname ${PEM_FILE}`
URL=`openssl x509 -in ${PEM_FILE} -text | grep OCSP | cut -d: -f2,3`
HEADER=`echo $URL | cut -d/ -f3`
ISSUER_CRT_URL=`openssl x509 -in ${PEM_FILE} -text | grep Issuers | cut -d: -f2,3`
wget ${ISSUER_CRT_URL} -q -O - | openssl x509 -inform DER -outform PEM > ${PEM_FILE}.issuer
openssl x509 -outform PEM -in ${PEM_FILE} > ${CRT_FILE}
openssl ocsp -noverify -issuer ${PEM_FILE}.issuer -cert ${CRT_FILE} -url ${URL} -no_nonce -header Host ${HEADER}  -respout ${PEM_FILE}.ocsp
</pre>
Don't forget to put this script in a cron and reload HAProxy afterward.


== Stud ==
== Stud ==
Ulfr
Confirmed users
529

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1059656"

Navigation menu