PowerShell Wrapper for OpenSSL to Test Certificate

Pavol Kutaj
Mar 1, 2022


The aim of this post is to share a PowerShell wrapper for OpenSSL that I use to quickly get a set of details about a domain’s certificate. This is what I need for efficient and fully informed support work:

✅ ability to pass a list of domains to be checked with a single call
✅ print full certificate chain
✅ quick downloadability into a text file I can attach to a ticket
✅ elasticity of printed length
✅ print both the first CN as well as all other SANs (i.e. all domains the certificate can support)
✅ cert issuer
✅ expiration date.

NOTE: initially, the script downloads the CA certs extracted from Mozilla, which it uses and stores in the user profile folder. This is because OpenSSL does not have any higher-level certificate available out-of-the-box. Without this you would get the OpenSSL error "Unable To Get Local Issuer Certificate".

1. CODE

2. WHY ECHO “Q”

  • echo "q" is there to close the session so that another certificate can be checked

3. ON X509 -TEXT

  • x509 itself is a standard, originally from 1988, that defines the format of public-key certificates
  • x509 defines a strict hierarchical system of certificate authorities (CAs) for issuing the certificates
  • this differs from web-of-trust models like PGP, where anyone (not just special CAs) may sign and thus attest to the validity of others' key certificates
  • in the context of OpenSSL:

The x509 command is a multi-purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a “mini CA” or edit certificate trust settings.

— from /docs/man1.0.2/man1/x509.html

  • the -text switch

prints out the certificate in text form. Full details are output including the public key, signature algorithms, issuer and subject names, serial number any extensions present, and any trust settings.
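
One way to build the wrapper described in this post, as an added example rather than the author's script. It assumes `openssl` is on PATH and that the Mozilla-derived CA bundle is fetched from https://curl.se/ca/cacert.pem; the function name, the `-Full` switch and the `cacert.pem` file name are hypothetical.

```powershell
# Added example (not the author's script). Assumes openssl is on PATH.
function Get-CertificateReport {
    param(
        [Parameter(Mandatory)][string[]]$Domain,
        [int]$Port = 443,
        [switch]$Full,   # hypothetical switch: print the complete x509 -text output
        # Assumed file name for the CA bundle in the user profile folder
        [string]$CAFile = (Join-Path $env:USERPROFILE 'cacert.pem')
    )
    if (-not (Test-Path $CAFile)) {
        # CA certificates extracted from Mozilla, as published by the curl project
        Invoke-WebRequest -Uri 'https://curl.se/ca/cacert.pem' -OutFile $CAFile
    }
    $pem = '(?s)-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----'
    foreach ($d in $Domain) {
        "===== $d ====="
        # "q" on stdin closes the session so the next domain can be checked
        $raw = 'q' | & openssl s_client -connect "${d}:$Port" -servername $d `
            -showcerts -CAfile $CAFile 2>$null
        $certs = [regex]::Matches(($raw -join "`n"), $pem)
        if ($certs.Count -eq 0) { "no certificate received"; continue }
        # Result of validating the chain against the CA bundle
        $raw | Select-String 'Verify return code' | Select-Object -First 1 |
            ForEach-Object { $_.Line.Trim() }
        $i = 0
        foreach ($c in $certs) {
            "--- chain[$i] ---"   # 0 is the server (leaf) certificate
            $text = $c.Value | & openssl x509 -noout -text
            if ($Full) { $text }
            else {
                # Subject CN, issuer, expiry and SAN entries only
                $text | Select-String '^\s+(Subject:|Issuer:|Not After|DNS:)' |
                    ForEach-Object { $_.Line.Trim() }
            }
            $i++
        }
    }
}
```

Piping the result to a file, e.g. `Get-CertificateReport -Domain example.com, example.org | Out-File report.txt`, gives the text file to attach to a ticket. A `Verify return code` other than `0 (ok)` means the chain did not validate against the downloaded bundle.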

4. SOURCES
