fix_cert_addtrust_external_expiration_apache.sh
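#!/bin/bash
#
# Trim the cross-signed tail of the certificate chain in every file named by
# an SSLCertificateFile directive under /etc/apache2/sites-enabled, for leaf
# certificates issued by the Sectigo/COMODO RSA Domain Validation CA.
#
# The chain is cut at the first certificate whose subject is one of the
# CAs in CHAIN_CUT_SUBJECTS, so that certificate and everything after it are
# dropped (this removes the path to the expired AddTrust External CA Root).
#
# Safety properties:
#   * symlinked certificate files are skipped (the link target may be shared);
#   * files that also carry a private key are skipped, because the rewrite
#     keeps certificates only and would silently drop the key;
#   * the rewritten chain must parse as a certificate before it replaces
#     the live file;
#   * the first backup (<cert>.orig) is never overwritten on a re-run.
#
# Must run with write access to the certificate files. Apache is NOT reloaded
# by this script; reload it afterwards and verify the served chain.

set -uo pipefail

readonly SITES_DIR=/etc/apache2/sites-enabled

# Matches the issuer CN in both OpenSSL name layouts:
#   "issuer= /C=GB/.../CN=Sectigo RSA ..."  and  "issuer=C = GB, ..., CN = Sectigo RSA ..."
readonly ISSUER_RE='CN ?= ?(Sectigo|COMODO) RSA Domain Validation Secure Server CA$'

# Subjects at which the chain is cut.
readonly -a CHAIN_CUT_SUBJECTS=(
  'COMODO RSA Certification Authority'
  'USERTrust RSA Certification Authority'
  'AddTrust External CA Root'
)

# One scratch file and one trap for the whole run; creating them per
# certificate would leave every scratch file but the last one behind.
TMPFILE=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
readonly TMPFILE
trap 'rm -f -- "${TMPFILE}"' EXIT

warn() {
  printf 'warning: %s\n' "$*" >&2
}

# Print each distinct SSLCertificateFile path, one per line.
# grep -h suppresses the "file:" prefix so the path is always field 2,
# regardless of indentation or of how many config files exist.
list_cert_files() {
  local -a confs
  shopt -s nullglob
  confs=("${SITES_DIR}"/*)
  shopt -u nullglob
  (( ${#confs[@]} > 0 )) || return 0
  grep -hE '^[[:space:]]*SSLCertificateFile[[:space:]]' -- "${confs[@]}" \
    | awk '{ gsub(/"/, "", $2); print $2 }' \
    | sort -u
}

# Return 0 when the first certificate in $1 was issued by the affected DV CA.
is_affected_leaf() {
  local cert=$1 issuer
  issuer=$(openssl x509 -in "${cert}" -noout -issuer 2>/dev/null) || return 1
  [[ ${issuer} =~ ${ISSUER_RE} ]]
}

# Rewrite $1 (output of `openssl pkcs7 -print_certs`) in place: stop at the
# first subject line naming a cut CA, then drop the subject/issuer/blank
# lines so that only PEM blocks remain.
trim_chain() {
  local file=$1 ca
  for ca in "${CHAIN_CUT_SUBJECTS[@]}"; do
    sed -i "/^subject.*${ca}/q" -- "${file}" || return 1
  done
  sed -Ei '/^(subject|issuer|$)/d' -- "${file}"
}

# Back up and rewrite one certificate file if it is affected.
fix_cert() {
  local cert=$1

  [[ -f ${cert} && ! -L ${cert} ]] || return 0
  is_affected_leaf "${cert}" || return 0

  if grep -q -- 'PRIVATE KEY' "${cert}"; then
    warn "${cert} also contains a private key; skipped (fix it by hand)"
    return 1
  fi

  echo "${cert}:"

  if ! openssl crl2pkcs7 -nocrl -certfile "${cert}" \
      | openssl pkcs7 -print_certs >"${TMPFILE}"; then
    warn "${cert}: could not read the certificate chain; left untouched"
    return 1
  fi
  if ! trim_chain "${TMPFILE}"; then
    warn "${cert}: trimming failed; left untouched"
    return 1
  fi

  # Never install an empty or unparseable file over a live certificate.
  if [[ ! -s ${TMPFILE} ]] \
      || ! openssl x509 -in "${TMPFILE}" -noout >/dev/null 2>&1; then
    warn "${cert}: trimmed chain is not a valid certificate; left untouched"
    return 1
  fi

  # Keep the first backup: on a re-run the live file is already trimmed and
  # must not replace the pristine original.
  if [[ ! -e ${cert}.orig ]]; then
    cp -a -- "${cert}" "${cert}.orig" || {
      warn "${cert}: backup failed; left untouched"
      return 1
    }
  fi

  # Plain cp onto the existing file keeps its owner and mode.
  cp -- "${TMPFILE}" "${cert}"
}

main() {
  local cert rc=0
  # Read the list on fd 3 so nothing inside the loop can consume it.
  while IFS= read -r cert <&3; do
    [[ -n ${cert} ]] || continue
    fix_cert "${cert}" || rc=1
  done 3< <(list_cert_files)
  return "${rc}"
}

main "$@"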