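#!/usr/local/bin/bash
#
# Refresh the OCSP response file stored next to each certificate bundle.
#
# For every ${DIR}/*haproxy.pem this script:
#   1. reads the "CA Issuers" URI from the certificate,
#   2. downloads the issuer certificate (DER) and stores it as
#      ${DIR}/<issuer host>.pem,
#   3. reads the OCSP responder URL from the certificate,
#   4. queries the responder and writes the answer to <certificate>.ocsp
#      (presumably the file HAProxy staples; confirm against the HAProxy
#      configuration).
#
# Security notes:
#   - Both URLs come from the certificate itself and the issuer download is
#     not authenticated by this script, so neither the issuer PEM nor the
#     OCSP response is trusted data until something else verifies it.
#   - openssl ocsp runs with -noverify: the response signature is NOT checked
#     here. To verify locally, drop -noverify and supply a trusted chain from
#     local storage (-CAfile / -VAfile) instead of the downloaded issuer.
#   - Output files are replaced only after a successful fetch, so a failed
#     run keeps the previous response instead of installing a broken one.
#
# Exit status: always 0 (kept for existing callers); failures are reported
# on stderr.

shopt -u nullglob
set -o pipefail

# Certificates path and names
DIR="/mnt/certs"
CERTS=("${DIR}"/*haproxy.pem)

# Only http(s) URLs without whitespace are handed to wget/openssl.
URL_RE='^https?://[^[:space:]]+$'

TMP_DIR=""

# Remove the scratch directory on every exit path.
cleanup() {
  if [[ -n "$TMP_DIR" ]]; then
    rm -rf -- "${TMP_DIR:?}"
  fi
}
trap cleanup EXIT

# Print a diagnostic on stderr.
warn() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
}

#######################################
# Refresh the issuer PEM and the .ocsp file for one certificate.
# Globals:   DIR, TMP_DIR, URL_RE (read)
# Arguments: $1 - path to the certificate bundle
# Outputs:   openssl's status report on stdout, diagnostics on stderr
# Returns:   0 if the .ocsp file was replaced, 1 otherwise
#######################################
refresh_ocsp() {
  local cert=$1
  local issuer_uri issuer_name issuer_pem ocsp_url ocsp_host
  local tmp_issuer="${TMP_DIR}/issuer.pem"
  local tmp_resp="${TMP_DIR}/response.ocsp"

  rm -f -- "$tmp_issuer" "$tmp_resp"

  # Get the issuer URI, download its certificate and convert into PEM format.
  # Only the first CA Issuers entry is used.
  issuer_uri=$(openssl x509 -in "$cert" -text -noout \
    | grep 'CA Issuers' | head -n 1 | cut -d: -f2,3)
  if [[ ! "$issuer_uri" =~ $URL_RE ]]; then
    warn "${cert}: no usable CA Issuers URI, skipping"
    return 1
  fi

  issuer_name=$(printf '%s\n' "$issuer_uri" | cut -d/ -f3)
  issuer_pem="${DIR}/${issuer_name}.pem"
  # The file name is derived from certificate contents: refuse an empty host
  # and any name that would overwrite one of the certificate bundles.
  if [[ -z "$issuer_name" || "$issuer_pem" == *haproxy.pem ]]; then
    warn "${cert}: refusing issuer file name '${issuer_pem}', skipping"
    return 1
  fi

  if ! wget -q -O- "$issuer_uri" \
    | openssl x509 -inform DER -outform PEM -out "$tmp_issuer"; then
    warn "${cert}: could not download or parse issuer from ${issuer_uri}"
    return 1
  fi
  if ! mv -f -- "$tmp_issuer" "$issuer_pem"; then
    warn "${cert}: could not install ${issuer_pem}"
    return 1
  fi

  # Get the OCSP URL from the certificate
  ocsp_url=$(openssl x509 -noout -ocsp_uri -in "$cert" | head -n 1)
  if [[ ! "$ocsp_url" =~ $URL_RE ]]; then
    warn "${cert}: no usable OCSP URL, skipping"
    return 1
  fi

  # Extract the hostname from the OCSP URL
  ocsp_host=$(printf '%s\n' "$ocsp_url" | cut -d/ -f3)

  # Create/update the ocsp response file.
  # NOTE(security): -noverify means the response is stored unverified.
  if ! openssl ocsp -noverify -no_nonce -issuer "$issuer_pem" -cert "$cert" \
    -url "$ocsp_url" -header "Host=${ocsp_host}" -respout "$tmp_resp" \
    || [[ ! -s "$tmp_resp" ]]; then
    warn "${cert}: OCSP query to ${ocsp_url} failed, keeping old response"
    return 1
  fi
  if ! mv -f -- "$tmp_resp" "${cert}.ocsp"; then
    warn "${cert}: could not install ${cert}.ocsp"
    return 1
  fi
}

# Scratch space lives inside DIR so the final mv is a rename on one filesystem.
if ! TMP_DIR=$(mktemp -d "${DIR}/.ocsp-update.XXXXXX"); then
  TMP_DIR=""
  warn "cannot create a scratch directory in ${DIR}"
  exit 0
fi

for CERT in "${CERTS[@]}"; do
  # With nullglob off an unmatched pattern stays literal text; skip it.
  [[ -f "$CERT" ]] || continue
  refresh_ocsp "$CERT"
done

exit 0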