On Wed, Sep 28, 2022 at 11:18:41 -0400, Bo Berglund wrote:
> On Wed, 28 Sep 2022 10:40:07 -0400, Joe Patterson <[email protected]>
> wrote:
> >
> >grep -A 100 -F '<cert>' openvpn.conf | openssl x509 -in - -noout -text | grep 'Not After'
> so my OVPN files are structured like this:
>
> client
> dev tun
> <ca>
> -----BEGIN CERTIFICATE-----
> block of characters
> -----END CERTIFICATE-----
> </ca>
> <cert>
> -----BEGIN CERTIFICATE-----
> block of characters
> -----END CERTIFICATE-----
> </cert>
> <key>

I haven't used it specifically on inline certificates in openvpn.conf
files, but in general I found that when processing multi-certificate
input files, "openssl x509" will skip lines in its stdin until it finds
a BEGIN CERTIFICATE block, then it will process one certificate --
leaving stdin ready to be read further to repeat the process.

So, you can probably use something like the following to display
information on all the certificates found in a particular file:

$ while openssl x509 -noout -text ; do echo "======" ; done < openssl.cnf | less

The 'echo "======"' bit is just to put a little divider between each
certificate's info in the output; you can tweak that to taste.

At the end of this loop stderr will get a "PEM routines:PEM_read_bio:no
start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE" error message;
this is normal -- it just indicates that the while loop has gone through
all the certificates in the file and couldn't find any new one to
process.

Nathan
----------------------------------------------------------------------------
Nathan Stratton Treadway - [email protected] - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
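
The per-certificate report discussed above, for an OpenVPN config with inline blocks, as an added example that is not part of the original message. It splits the <ca>, <cert> and <extra-certs> blocks into separate files with awk before calling "openssl x509", so it does not depend on how openssl consumes stdin; the function names, the 30-day default and the sample config are assumptions made for this example.

```shell
# Write each inline certificate to DIR/NN-tag.pem and print the file names.
# <key> blocks are never copied, so no private key leaves the config file.
split_inline_certs() {    # usage: split_inline_certs CONF DIR
    awk -v dir="$2" '
        /^<\/(ca|cert|extra-certs)>/ { tag = ""; next }
        /^<(ca|cert|extra-certs)>/   { tag = substr($0, 2, index($0, ">") - 2); next }
        tag != "" && /^-----BEGIN CERTIFICATE-----/ {
            out = sprintf("%s/%02d-%s.pem", dir, ++n, tag); print out
        }
        out != "" { print > out }
        out != "" && /^-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
}

# Subject and notAfter per certificate; -checkend N exits non-zero when the
# certificate expires within N seconds, which triggers the warning.
report_expiry() {         # usage: report_expiry CONF [DAYS]
    days=${2:-30}
    tmp=$(mktemp -d) || return 1
    split_inline_certs "$1" "$tmp" | while IFS= read -r pem; do
        echo "== ${pem##*/}"
        openssl x509 -noout -subject -enddate -in "$pem"
        openssl x509 -noout -checkend $(( $days * 86400 )) -in "$pem" >/dev/null ||
            echo "WARNING: expires within $days days, or could not be parsed"
    done
    rm -rf "$tmp"
}

# Constructed sample with placeholder bodies (not real certificates); it only
# exercises the splitting step.
make_sample_conf() {      # usage: make_sample_conf PATH
    cat > "$1" <<'EOF'
client
<ca>
-----BEGIN CERTIFICATE-----
constructed-placeholder-ca
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
constructed-placeholder-cert
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
constructed-placeholder-key
-----END PRIVATE KEY-----
</key>
EOF
}

if [ "$#" -gt 0 ]; then report_expiry "$@"; fi
```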