Jan Wagner revisó este gist 5 years ago. Ir a la revisión
1 file changed, 1 insertion, 1 deletion
fix_cert_addtrust_external_expiration_apache.sh
| @@ -3,7 +3,7 @@ | |||
| 3 | 3 | TMPFILE=$(mktemp) | |
| 4 | 4 | trap "{ rm -rf ${TMPFILE}; }" EXIT | |
| 5 | 5 | for CERT in $(grep -P "^( |\t)*SSLCertificateFile" /etc/apache2/sites-enabled/* | awk '{print $3}'); do | |
| 6 | - | if [ \( "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7)" == "Sectigo RSA Domain Validation Secure Server CA" -o "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7)" == "COMODO RSA Domain Validation Secure Server CA" \) -a ! -L ${CERT} ]; then | |
| 6 | + | if [ \( "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7 | sed 's/^ *//g')" == "Sectigo RSA Domain Validation Secure Server CA" -o "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7 | sed 's/^ *//g')" == "COMODO RSA Domain Validation Secure Server CA" \) -a ! -L ${CERT} ]; then | |
| 7 | 7 | echo "${CERT}:" | |
| 8 | 8 | openssl crl2pkcs7 -nocrl -certfile ${CERT} | openssl pkcs7 -print_certs > ${TMPFILE} | |
| 9 | 9 | for CA in 'COMODO RSA Certification Authority' 'USERTrust RSA Certification Authority' 'AddTrust External CA Root'; do | |
Jan Wagner revisó este gist 5 years ago. Ir a la revisión
1 file changed, 1 insertion, 1 deletion
fix_cert_addtrust_external_expiration_apache.sh
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | #!/bin/bash | |
| 2 | - | # wget https://gist.githubusercontent.com/waja/cb6c427543b9dbea4c775ccfb1f308ab/raw/fix_cert_addtrust_external_expiration_apache.sh -O /tmp/a && bash /tmp/a | |
| 2 | + | # wget https://gist.githubusercontent.com/waja/cb6c427543b9dbea4c775ccfb1f308ab/raw/fix_cert_addtrust_external_expiration_apache.sh -O /tmp/a && bash /tmp/a && apache2ctl -t && service apache2 reload | |
| 3 | 3 | TMPFILE=$(mktemp) | |
| 4 | 4 | trap "{ rm -rf ${TMPFILE}; }" EXIT | |
| 5 | 5 | for CERT in $(grep -P "^( |\t)*SSLCertificateFile" /etc/apache2/sites-enabled/* | awk '{print $3}'); do | |
Jan Wagner revisó este gist 5 years ago. Ir a la revisión
1 file changed, 1 insertion, 1 deletion
fix_cert_addtrust_external_expiration_apache.sh
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | #!/bin/bash | |
| 2 | - | # wget https://gist.githubusercontent.com/waja/cb6c427543b9dbea4c775ccfb1f308ab/raw/fix_cert_addtrust_external_expiration_apache.sh -O /tmp/a && sh /tmp/a | |
| 2 | + | # wget https://gist.githubusercontent.com/waja/cb6c427543b9dbea4c775ccfb1f308ab/raw/fix_cert_addtrust_external_expiration_apache.sh -O /tmp/a && bash /tmp/a | |
| 3 | 3 | TMPFILE=$(mktemp) | |
| 4 | 4 | trap "{ rm -rf ${TMPFILE}; }" EXIT | |
| 5 | 5 | for CERT in $(grep -P "^( |\t)*SSLCertificateFile" /etc/apache2/sites-enabled/* | awk '{print $3}'); do | |
Jan Wagner revisó este gist 5 years ago. Ir a la revisión
1 file changed, 2 insertions, 2 deletions
fix_cert_addtrust_external_expiration_apache.sh
| @@ -1,8 +1,8 @@ | |||
| 1 | 1 | #!/bin/bash | |
| 2 | 2 | # wget https://gist.githubusercontent.com/waja/cb6c427543b9dbea4c775ccfb1f308ab/raw/fix_cert_addtrust_external_expiration_apache.sh -O /tmp/a && sh /tmp/a | |
| 3 | + | TMPFILE=$(mktemp) | |
| 4 | + | trap "{ rm -rf ${TMPFILE}; }" EXIT | |
| 3 | 5 | for CERT in $(grep -P "^( |\t)*SSLCertificateFile" /etc/apache2/sites-enabled/* | awk '{print $3}'); do | |
| 4 | - | TMPFILE=$(mktemp) | |
| 5 | - | trap "{ rm -rf ${TMPFILE}; }" EXIT | |
| 6 | 6 | if [ \( "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7)" == "Sectigo RSA Domain Validation Secure Server CA" -o "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7)" == "COMODO RSA Domain Validation Secure Server CA" \) -a ! -L ${CERT} ]; then | |
| 7 | 7 | echo "${CERT}:" | |
| 8 | 8 | openssl crl2pkcs7 -nocrl -certfile ${CERT} | openssl pkcs7 -print_certs > ${TMPFILE} | |
Jan Wagner revisó este gist 5 years ago. Ir a la revisión
1 file changed, 1 insertion
fix_cert_addtrust_external_expiration_apache.sh
| @@ -1,4 +1,5 @@ | |||
| 1 | 1 | #!/bin/bash | |
| 2 | + | # wget https://gist.githubusercontent.com/waja/cb6c427543b9dbea4c775ccfb1f308ab/raw/fix_cert_addtrust_external_expiration_apache.sh -O /tmp/a && sh /tmp/a | |
| 2 | 3 | for CERT in $(grep -P "^( |\t)*SSLCertificateFile" /etc/apache2/sites-enabled/* | awk '{print $3}'); do | |
| 3 | 4 | TMPFILE=$(mktemp) | |
| 4 | 5 | trap "{ rm -rf ${TMPFILE}; }" EXIT | |
waja revisó este gist 5 years ago. Ir a la revisión
1 file changed, 15 insertions
fix_cert_addtrust_external_expiration_apache.sh(archivo creado)
| @@ -0,0 +1,15 @@ | |||
| 1 | + | #!/bin/bash | |
| 2 | + | for CERT in $(grep -P "^( |\t)*SSLCertificateFile" /etc/apache2/sites-enabled/* | awk '{print $3}'); do | |
| 3 | + | TMPFILE=$(mktemp) | |
| 4 | + | trap "{ rm -rf ${TMPFILE}; }" EXIT | |
| 5 | + | if [ \( "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7)" == "Sectigo RSA Domain Validation Secure Server CA" -o "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7)" == "COMODO RSA Domain Validation Secure Server CA" \) -a ! -L ${CERT} ]; then | |
| 6 | + | echo "${CERT}:" | |
| 7 | + | openssl crl2pkcs7 -nocrl -certfile ${CERT} | openssl pkcs7 -print_certs > ${TMPFILE} | |
| 8 | + | for CA in 'COMODO RSA Certification Authority' 'USERTrust RSA Certification Authority' 'AddTrust External CA Root'; do | |
| 9 | + | sed -i "/^subject.*${CA}/q" ${TMPFILE} | |
| 10 | + | done | |
| 11 | + | sed -Ei "/^(subject|issuer|$)/d" ${TMPFILE} | |
| 12 | + | cp -a ${CERT} ${CERT}.orig | |
| 13 | + | cp ${TMPFILE} ${CERT} | |
| 14 | + | fi | |
| 15 | + | done | |