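Verifying Whether a Certificate Has Been Revoked with OpenSSL Commands
Preface
Verify whether a certificate has been revoked.
Script code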
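```bash
#!/bin/bash
# Usage: certSignVerify.sh CAfile certfile crl
if [[ "$1" = "" || "$2" = "" || "$3" = "" ]]; then
    echo "certSignVerify.sh CAfile certfile crl"
    exit 1
fi

# "openssl verify" prints "<certfile>: OK" when the chain validates.
res=$(openssl verify -CAfile "$1" -verbose "$2" | awk '{print $2}')
isInCrl=""
if [[ "$res" = "OK" ]]; then
    # "openssl x509 -serial" prints "serial=<HEX>"; keep only the hex value
    # so it can be compared with the CRL entries.
    certSerial=$(openssl x509 -in "$2" -serial -noout)
    certSerial=${certSerial#serial=}
    # Serial numbers of all revoked certificates in the DER-encoded CRL ($3).
    serialNum=$(openssl crl -in "$3" -text -noout -inform DER | grep 'Serial Number' | awk -F ':' '{print $2}')
    serialArray=($serialNum)
    for (( i=0; i < ${#serialArray[@]}; i++ )); do
        if [[ "$certSerial" = "${serialArray[i]}" ]]; then
            isInCrl="in"
            break
        fi
    done
else
    # Do not report "not in crl" for a certificate that failed verification.
    echo "cert Verify error"
    exit 1
fi

if [[ "$isInCrl" = "" ]]; then
    echo "not in crl"
else
    echo "in crl"
fi
```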
Test
Script invocation format: ./test.sh rsaca.cer rsa1.cer crl.crl
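
The script above matches serial numbers in the CRL's text dump, which does not check that the CRL was signed by the CA or that it is still within its validity window. As an added example (not part of the original post), `openssl verify -crl_check` does the chain check and the revocation lookup in one step; the function name and return codes are illustrative, and OpenSSL 1.1.1 or later is assumed.

```bash
#!/bin/bash
# Added example, not the original author's script. Function name and return
# codes are illustrative. Assumes OpenSSL 1.1.1+, where "openssl verify"
# exits non-zero on any verification error.
#
# Returns 0: chain verifies and the certificate is not on the CRL
#         2: certificate is revoked
#         1: anything else (broken chain, CRL not signed by the CA, expired
#            or unparsable CRL), reported as failure, never as "not revoked"
check_revocation() {
    local ca cert crl tmp out
    ca=$1 cert=$2 crl=$3
    tmp=$(mktemp) || return 1

    # -CRLfile is given PEM here, so normalise the CRL first: try DER (the
    # format the page's script reads), then fall back to PEM.
    if ! openssl crl -inform DER -in "$crl" -out "$tmp" 2>/dev/null &&
       ! openssl crl -inform PEM -in "$crl" -out "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "cannot parse CRL: $crl" >&2
        return 1
    fi

    # -crl_check looks the leaf certificate up in the CRL and also verifies
    # the CRL's signature against the CA and its update window.
    if out=$(openssl verify -crl_check -CAfile "$ca" -CRLfile "$tmp" "$cert" 2>&1); then
        rm -f "$tmp"
        echo "valid, not revoked"
        return 0
    fi
    rm -f "$tmp"

    case $out in
        *"certificate revoked"*) echo "revoked"; return 2 ;;
    esac
    echo "verification failed:" >&2
    echo "$out" >&2
    return 1
}

# Same argument order as the page's script: CAfile certfile crl
if [ "$#" -eq 3 ]; then
    check_revocation "$@"
fi
```

The CRL may be passed as DER or PEM; callers should treat return code 1 as "status unknown" rather than "not revoked".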