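#!/bin/bash
#############################################################
# Script name: template.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com)
# Version: v1beta 2026-04-05
# Description: Script template linux
# License: CC BY-NC 4.0 (https://creativecommons.org/licenses/by-nc/4.0/)
#
# This script is provided "as is", WITHOUT ANY WARRANTY OF ANY KIND.
# Commercial use is strictly prohibited without prior authorization.
#
# Configuration
#   /etc/own-pki/own-pki.conf is sourced at start-up. certPath is never
#   assigned in this script, so it is expected to come from that file
#   and to name the directory holding the *.crt files.
#
# Changelog
# [1.0.0] - 2026-04-05
# Project initialization
# - initialization by gilles.mouchet@gmail.com
#
############################################################
#
version=v1beta

############################################################
# FUNCTIONS
############################################################
#-----------------------------------------------------------
# Display usage
# Outputs: help text on stdout
usage() {
  cat << EOF
Usage: ./$(basename "$0") options

Template script

Options:
  -a, --all       - show all cert information
  -c, --list-ca   - list all CA name
  -h, --help      - show this help
  -v, --version   - show script version

Examples:
  List all CA name
    ./$(basename "$0") --list-ca
  Show this help
    ./$(basename "$0") -h
  List
EOF
}

#-----------------------------------------------------------
# Display version and license notice
# Globals: version (read)
# Outputs: version text on stdout
show_version() {
  cat << EOF
$(basename "$0") $version
(c) 1990 - $(date +%Y) by Gilles Mouchet
This script is provided "as is", WITHOUT ANY WARRANTY OF ANY KIND.
Non-Commercial Use License – See LICENSE for details
EOF
}

#-----------------------------------------------------------
# Print a message on stderr and stop with status 1
# Arguments: $* - message
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#-----------------------------------------------------------
# Stop unless the configuration supplied a usable certificate directory.
# Without this guard an unset certPath makes the glob below expand to
# /*.crt, i.e. the script would inspect files in the filesystem root.
# Globals: certPath, cfgFile, progName (read)
require_cert_path() {
  if [[ -z "${certPath:-}" || ! -d "$certPath" ]]; then
    die "$progName not installed correctly. Please run install.sh script" \
      "(certPath missing or not a directory; config file: $cfgFile)"
  fi
}

#-----------------------------------------------------------
# Tell whether a certificate carries the CA:TRUE basic constraint
# Arguments: $1 - certificate file
# Returns:   0 when "CA:TRUE" appears in the text dump, non-zero otherwise
is_ca_cert() {
  openssl x509 -in "$1" -text -noout | grep -q "CA:TRUE"
}

#-----------------------------------------------------------
# Print the arguments as one semicolon-separated, double-quoted row.
# Subject, issuer and SAN values are read from the certificate itself and
# are therefore not trusted: an embedded double quote is doubled so that
# a field cannot close its own quoting and inject extra columns.
# Arguments: $@ - field values
# Outputs:   one row on stdout
csv_row() {
  local field sep='' dq='"'
  for field in "$@"; do
    printf '%s"%s"' "$sep" "${field//$dq/$dq$dq}"
    sep=';'
  done
  printf '\n'
}

############################################################
# MAIN
############################################################
# var for config file
progName=${0##*/}
progName=${progName%%.*}
confDir=/etc/own-pki
cfgFile=${confDir}/own-pki.conf

# read config file
# Sourcing runs the file as shell code with the privileges of whoever
# starts this script, so it must be writable only by a trusted owner.
# A missing file is tolerated here so that --help and --version still
# work; the options that need certPath check it in require_cert_path.
if [[ -r "$cfgFile" ]]; then
  # shellcheck source=/dev/null
  . "$cfgFile"
fi

# check if param exist
if [[ -z "$1" ]]; then
  usage
  exit 1
fi

# read cli parameters
while [[ "$#" -gt 0 ]]; do
  case "$1" in
    -a|--all)
      require_cert_path
      for f in "$certPath"/*.crt; do
        # an unmatched glob stays literal; skip it instead of feeding it to openssl
        [[ -e "$f" ]] || continue
        # a file openssl cannot parse would otherwise be reported as a
        # certificate with empty fields
        if ! openssl x509 -in "$f" -noout > /dev/null 2>&1; then
          printf 'warning: skipping unreadable certificate: %s\n' "$f" >&2
          continue
        fi
        # only certificates without CA:TRUE are reported here
        is_ca_cert "$f" && continue

        commonName=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 \
          | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
        # main information
        issuer=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 \
          | sed 's/^issuer=//')
        startdate=$(openssl x509 -in "$f" -noout -startdate | cut -d= -f2)
        enddate=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        # raw SAN: the line following the "Subject Alternative Name" heading
        san_raw=$(openssl x509 -in "$f" -noout -text \
          | awk '/Subject Alternative Name/ {getline; print}')
        # dns and ip extraction
        dns_list=$(printf '%s\n' "$san_raw" | grep -o 'DNS:[^,]*' \
          | sed 's/DNS://g' | tr '\n' ' ' | sed 's/ $//')
        ip_list=$(printf '%s\n' "$san_raw" | grep -o 'IP Address:[^,]*' \
          | sed 's/IP Address://g' | tr '\n' ' ' | sed 's/ $//')

        csv_row "$f" "$commonName" "$issuer" "$dns_list" "$ip_list" \
          "$startdate" "$enddate"
      done
      shift
      ;;
    -c|--list-ca)
      require_cert_path
      for f in "$certPath"/*.crt; do
        [[ -e "$f" ]] || continue
        if is_ca_cert "$f"; then
          filename=$(basename "$f" .crt)
          echo "CA name: $filename"
        fi
      done
      shift
      ;;
    version|-v|--version)
      show_version
      exit
      ;;
    help|-h|--help)
      usage
      exit
      ;;
    *)
      # an unrecognised option is an error, like a missing one
      printf 'unknown option: %s\n' "$1" >&2
      usage
      exit 1
      ;;
  esac
done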