u/jw35/x509-utils.git
3 years agoTidy syntax based o pep8 and shellcheck advice master
Jon Warbrick [Tue, 25 Jul 2017 13:12:07 +0000 (14:12 +0100)]
Tidy syntax based o pep8 and shellcheck advice

3 years agoAdd md5 fingerprint
Jon Warbrick [Tue, 20 Jun 2017 10:48:37 +0000 (11:48 +0100)]
Add md5 fingerprint

md5 fingerprints might be useful and providing them isn't difficult.

3 years agoMake display-certificate display SHA-1 and SHA256 hashes
Jon Warbrick [Mon, 19 Jun 2017 17:24:12 +0000 (18:24 +0100)]
Make display-certificate display SHA-1 and SHA256 hashes

Both SHA-1 and SHA256 hashes are useful, so run 'openssl x509'
twice so we can diplay both. While we are at it, improve the way
we re-add the -----BEGIN' and '-----END' lines if they are missing.

3 years agoAdd display-key to do the obvious
Jon Warbrick [Fri, 2 Jun 2017 10:41:10 +0000 (11:41 +0100)]
Add display-key to do the obvious

3 years agoSwitch to displaying sha256 fingerprints in display-certificate
Jon Warbrick [Mon, 15 May 2017 15:33:57 +0000 (16:33 +0100)]
Switch to displaying sha256 fingerprints in display-certificate

..mainly becasue the UK federation now asks for confirmation
via sha256 fingerprints and it doesn't apear to be possible
to have more than one.

3 years agoRemove bogus ' from README.md
Jon Warbrick [Mon, 15 May 2017 15:33:05 +0000 (16:33 +0100)]
Remove bogus ' from README.md

3 years agoAdd all hostnames to SAN
Jon Warbrick [Fri, 12 May 2017 12:36:35 +0000 (13:36 +0100)]
Add all hostnames to SAN

Given that browsers now largely ignote hostnames in CN=, it seems
correct to include all posible hostnames as SANs. In practice
this is largely irrelavent becasue most/all CAs promote
hostnames in CN= to SANs anyway.

3 years agoFix --dump option
Jon Warbrick [Fri, 12 May 2017 11:00:42 +0000 (12:00 +0100)]
Fix --dump option

The openssl command used for certificate dumping was spelt 'opensslx'
(probably folowing testing!). Corrected.

3 years agoChange REDME.md formating to make it work on UIS Git service
Jon Warbrick [Mon, 9 Jan 2017 12:40:21 +0000 (12:40 +0000)]
Change REDME.md formating to make it work on UIS Git service

4 years agoNull change to force interpretation of hooks.readme-file
Jon Warbrick [Mon, 21 Dec 2015 15:41:01 +0000 (15:41 +0000)]
Null change to force interpretation of hooks.readme-file

5 years agoAdded copyright statement to make-csr
Jon Warbrick [Tue, 12 May 2015 11:11:07 +0000 (12:11 +0100)]
Added copyright statement to make-csr

5 years agoRationalise exit codes; tidy error messages
Jon Warbrick [Mon, 11 May 2015 07:05:30 +0000 (08:05 +0100)]
Rationalise exit codes; tidy error messages

5 years agoFixup more characters when creating output filenames
Jon Warbrick [Mon, 11 May 2015 06:50:08 +0000 (07:50 +0100)]
Fixup more characters when creating output filenames

Rather than just converting '.' to '_' when making the first host name into
something we can use as a output filename, do this to anything that isn't a
letter or a digit. While such things aren't legal in hostnames there nothing
to say that uses won't try to use them...

5 years agoChanged user interafce (again) - added --file option
Jon Warbrick [Sun, 10 May 2015 20:18:26 +0000 (21:18 +0100)]
Changed user interafce (again) - added --file option

Reding host names from stdin (while handy) is potentially confusing
because the program seems to hang. So change things so it
reads host names from the command line, and from a file
identified by --file. That way we can print an error message if
it's run with neither.

5 years agoImprove usage information; add --dump
Jon Warbrick [Sat, 9 May 2015 14:05:49 +0000 (15:05 +0100)]
Improve usage information; add --dump

Improved the --help usage information, and added a hint of what to do
if the program seems to hang reading from stdin

Also added the --dump option to display the content of the CSR on the screen

5 years agoDon't clobber existing key/csr on openssl failure
Jon Warbrick [Fri, 8 May 2015 07:01:12 +0000 (08:01 +0100)]
Don't clobber existing key/csr on openssl failure

openssl doesn't seem to reliably set a return code on failure. Previously
we deleted the target key/csr file before running so we could detect their
re-creation. But this clobbers existing files following failure. Change
the logic to output key/csr to temporary files (which we are free to delete
in advance) and then rename them afterwards.

The only obvious downside to this is that openssl annoyingly says "writing
new private key to 'l.key.new'" which we'd rather keep quiet about...

5 years agoTidy spelling in README
Jon Warbrick [Thu, 7 May 2015 12:51:37 +0000 (13:51 +0100)]
Tidy spelling in README

5 years agoFixed layout in README
Jon Warbrick [Thu, 7 May 2015 12:49:17 +0000 (13:49 +0100)]
Fixed layout in README

5 years agoUpdated README.md for make-csr
Jon Warbrick [Thu, 7 May 2015 12:48:03 +0000 (13:48 +0100)]
Updated README.md for make-csr

5 years agoAdded make-csr
Jon Warbrick [Thu, 7 May 2015 12:37:33 +0000 (13:37 +0100)]
Added make-csr

5 years agoAdded a LIVENCE.txt
Jon Warbrick [Sun, 3 May 2015 11:00:21 +0000 (12:00 +0100)]
Added a LIVENCE.txt

5 years agoFix README.md formatting AGAIN
Jon Warbrick [Sun, 3 May 2015 10:23:31 +0000 (11:23 +0100)]
Fix README.md formatting AGAIN

5 years agoNote application of display-certificate to Shibboleth
Jon Warbrick [Sun, 3 May 2015 10:18:38 +0000 (11:18 +0100)]
Note application of display-certificate to Shibboleth

The Shibboleth consortium's Shibboleth software stores X509
certificates in its configuration file without the traditional
'BEGIN/END' lines, and commonly indented. This script was originally
written to make it easi(er) to find out what they contain.

5 years agoNote dependancy on openssl command
Jon Warbrick [Sun, 3 May 2015 10:16:17 +0000 (11:16 +0100)]
Note dependancy on openssl command

5 years agoFurther README.md fuxup
Jon Warbrick [Sun, 3 May 2015 10:12:00 +0000 (11:12 +0100)]
Further README.md fuxup

5 years agoFix README.md formatting
Jon Warbrick [Sun, 3 May 2015 10:10:39 +0000 (11:10 +0100)]
Fix README.md formatting

5 years agoUpdate descriptions; fix dates in get-sha1
Jon Warbrick [Sun, 3 May 2015 10:08:16 +0000 (11:08 +0100)]
Update descriptions; fix dates in get-sha1

Add script descriptions in README.md and correct similar comments
in the scripts.

Update the threshold dates and versions in get-sha1 to alow for
Google having moved the goalposts.

5 years agoInitial import of scriptsy
Jon Warbrick [Sun, 3 May 2015 09:51:57 +0000 (10:51 +0100)]
Initial import of scriptsy

5 years agoInitial commit
Jon Warbrick [Sun, 3 May 2015 09:47:57 +0000 (10:47 +0100)]
Initial commit