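#!/bin/bash
# Check that a private key matches a certificate and assemble bundle.crt
# (certificate followed by its intermediates) in the current directory.
#
# Usage: <script> KEY CRT [INTERMEDIATES]
#   KEY            unencrypted RSA private key (PEM)
#   CRT            certificate issued for that key (PEM)
#   INTERMEDIATES  optional PEM file with the intermediate certificate(s)
#
# Without INTERMEDIATES (or when they do not complete the chain) issuer
# certificates are looked up in the current directory as files named after
# the issuer hash printed by `openssl x509 -issuer_hash`.
#
# Exit status: 0 when the certificate verifies against the default trust
# store, 1 on any failure.
#
# Candidate intermediates are treated as untrusted input: they are only
# handed to `openssl verify -untrusted`, so a stray file in the working
# directory cannot make an unanchored chain verify.

KEY=$1
CRT=$2
IMM=$3

# With an empty KEY the key checks below would read stdin or compare two
# empty strings, so refuse to run without both mandatory arguments.
if [ -z "$KEY" ] || [ -z "$CRT" ]; then
  echo >&2 "Usage: ${0##*/} KEY CRT [INTERMEDIATES]"
  exit 1
fi

# Write the concatenation of the given files to bundle.crt. The data goes
# to a mktemp file first so a pre-existing (possibly symlinked) tmp.crt is
# never written through and bundle.crt is replaced in one step.
write_bundle() {
  local tmp mode
  tmp=$(mktemp ./bundle.XXXXXX) || return 1
  # mktemp creates 0600 files; restore the mode a plain redirection would
  # have produced under the current umask.
  mode=$(printf '%03o' "$(( 0666 & ~0$(umask) ))")
  if cat -- "$@" > "$tmp" && chmod "$mode" "$tmp" && mv -- "$tmp" bundle.crt; then
    return 0
  fi
  rm -f -- "$tmp"
  return 1
}

# The server has to read the key unattended, so reject encrypted keys.
if grep -q ENCRYPTED -- "$KEY"; then
  echo >&2 "Key is password-protected"
  exit 1
fi

KEYMOD=$(openssl rsa -noout -modulus -in "$KEY")
CRTMOD=$(openssl x509 -noout -modulus -in "$CRT")
# An empty modulus means openssl could not parse the file; without this
# guard two unreadable inputs would compare equal and pass the check.
if [ -z "$KEYMOD" ] || [ "$KEYMOD" != "$CRTMOD" ]; then
  echo >&2 "Key doesn't match the certificate"
  exit 1
fi

if [ -n "$IMM" ]; then
  # `openssl verify FILE` only looks at the first certificate in FILE, so
  # the intermediates are supplied through -untrusted and the result line
  # still names "$CRT".
  if write_bundle "$CRT" "$IMM" &&
     [ "$(openssl verify -untrusted bundle.crt "$CRT")" == "$CRT: OK" ]; then
    echo "Done (bundle ok)"
    exit 0
  fi
fi

TIP=$CRT     # certificate whose issuer is looked up next
SEEN=" "     # issuer hashes already appended, space separated
HAVE_CHAIN=  # non-empty once bundle.crt holds CRT plus intermediates
while true; do
  if [ -n "$HAVE_CHAIN" ]; then
    RESULT=$(openssl verify -untrusted bundle.crt "$CRT")
  else
    RESULT=$(openssl verify "$CRT")
  fi
  # Compare the printed verdict rather than the exit status.
  if [ "$RESULT" == "$CRT: OK" ]; then
    echo "Done"
    exit 0
  fi

  NEXT=$(openssl x509 -noout -issuer_hash -in "$TIP")
  # Stop when the issuer is unknown, missing from the working directory,
  # or already in the chain (self-issued certificate or a loop); otherwise
  # the same file would be appended forever.
  if [ -z "$NEXT" ] || [ ! -f "$NEXT" ] || [[ "$SEEN" == *" $NEXT "* ]]; then
    echo >&2 "Could not generate trusted bundle"
    exit 1
  fi

  if [ -n "$HAVE_CHAIN" ]; then
    write_bundle bundle.crt "$NEXT"
  else
    write_bundle "$CRT" "$NEXT"
  fi || {
    echo >&2 "Could not generate trusted bundle"
    exit 1
  }
  HAVE_CHAIN=1
  SEEN="$SEEN$NEXT "
  TIP=$NEXT
done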