前言
先驗證證書是否由指定的 CA 簽發,再檢查其序號是否列在 CRL 中(即證書是否已被撤銷)。
腳本代碼
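#!/usr/bin/env bash
# certSignVerify.sh - check that a certificate chains to a CA and is not
# listed in a CRL.
#
# Usage:   certSignVerify.sh CAfile certfile crl
#   CAfile   - PEM file with the trusted CA certificate(s)
#   certfile - certificate to check
#   crl      - DER-encoded CRL to search for the certificate's serial number
#
# Output (stdout): "not in crl", "in crl" or "cert Verify error".
# Exit status:     0 = verified and not listed in the CRL
#                  1 = verified but listed in the CRL (revoked)
#                  2 = usage error, chain verification failed, or the
#                      certificate/CRL could not be read
#
# NOTE(review): this script only looks the serial number up in the CRL text.
# It does not check the CRL's signature, issuer or nextUpdate, so a stale or
# substituted CRL is accepted as-is. `openssl verify -crl_check -CRLfile ...`
# performs those checks and is the safer path when the CRL format allows it.
#
# The script uses [[ ]], so it needs bash rather than a plain POSIX sh.
set -u

if [[ $# -lt 3 || -z "$1" || -z "$2" || -z "$3" ]]; then
  echo "certSignVerify.sh CAfile certfile crl"
  # A missing argument is an error; do not report success to the caller.
  exit 2
fi

ca_file=$1
cert_file=$2
crl_file=$3

# Step 1: chain verification. Require both a zero exit status and the
# "<file>: OK" line, and stop here on failure so that an unverifiable
# certificate is never reported as "not in crl" (fail closed).
verify_out=$(openssl verify -CAfile "$ca_file" -verbose "$cert_file")
verify_rc=$?
if (( verify_rc != 0 )) || [[ "$verify_out" != *": OK" ]]; then
  echo "cert Verify error"
  exit 2
fi

# Step 2: read the certificate serial. `openssl x509 -serial` prints
# "serial=<HEX>", while the CRL text lists bare hex values, so the prefix
# must be stripped before comparing or the lookup can never match.
if ! cert_serial=$(openssl x509 -in "$cert_file" -serial -noout); then
  printf 'cannot read serial number from %s\n' "$cert_file" >&2
  exit 2
fi
cert_serial=${cert_serial#serial=}
cert_serial=$(printf '%s' "$cert_serial" | tr -d '[:space:]' | tr 'a-f' 'A-F')
if [[ -z "$cert_serial" ]]; then
  printf 'empty serial number in %s\n' "$cert_file" >&2
  exit 2
fi

# Step 3: list the revoked serials from the CRL passed as the third argument.
# An unreadable CRL is an error, not an empty revocation list.
if ! crl_text=$(openssl crl -in "$crl_file" -inform DER -text -noout); then
  printf 'cannot read CRL %s\n' "$crl_file" >&2
  exit 2
fi
revoked_serials=$(printf '%s\n' "$crl_text" |
  awk -F ':' '/Serial Number/ { gsub(/[[:space:]]/, "", $2); print toupper($2) }')

# Step 4: exact, whole-line match of the normalised serial.
if printf '%s\n' "$revoked_serials" | grep -Fxq -- "$cert_serial"; then
  echo "in crl"
  exit 1
fi

echo "not in crl"
exit 0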
測試
腳本執行格式(CRL 須為 DER 編碼):./test.sh rsaca.cer rsa1.cer crl.crl