Open tlhackque opened 5 years ago
At least with OpenSSL 1.1.1b, ssl-cert-check reports blanks for the certificate details (issuer, common name).
Apparently, OpenSSL changed the default format for printing names. e.g.
openssl x509 -in ww.pem -issuer -noout -inform pem
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
instead of
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
To fix: Where you currently have, e.g.:
CERTISSUER=$(${OPENSSL} x509 -in ${CERTFILE} -issuer -noout -inform ${CERTTYPE} |
you now need
CERTISSUER=$(${OPENSSL} x509 -nameopt compat -in ${CERTFILE} -issuer -noout -inform ${CERTTYPE} |
and so on for the other x509 commands.
It's harmless to include -nameopt compat on the commands that get other items, so you can just do a global replace of OPENSSL} x509 with OPENSSL} x509 -nameopt compat.
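An added example, not part of the original issue and not ssl-cert-check's own code: a parser that only expects the slash-separated form returns an empty string on the OpenSSL 1.1.1 default output, which is the blank-field symptom reported above, while a parser that accepts both forms does not. The helper names `slash_only_cn` and `name_field` are hypothetical, and the two sample lines are the ones quoted in the issue.

```shell
#!/bin/sh
# Sample lines taken from the two output formats quoted in the issue.
OLD_FMT="issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3"
NEW_FMT="issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3"

# slash_only_cn LINE (hypothetical): extract the CN assuming the old
# "/C=../O=../CN=.." layout. Prints nothing when the layout differs.
slash_only_cn() {
    printf '%s\n' "$1" | sed -n 's|.*/CN=\([^/]*\).*|\1|p'
}

# name_field LINE FIELD (hypothetical): print one attribute (CN, O, C, ...)
# from either layout, or nothing if the attribute is absent.
# Limitation: values that themselves contain "/" or "," are not handled.
name_field() {
    line=${1#*=}    # drop the leading "issuer=" or "subject=" label
    case $line in
        /*) # compat layout: /C=US/O=.../CN=...
            printf '%s\n' "$line" |
                sed -n "s|.*/$2=\([^/]*\).*|\1|p" ;;
        *)  # OpenSSL 1.1.1 default layout: C = US, O = ..., CN = ...
            printf '%s\n' "$line" |
                sed -n "s|^\(.*, \)\{0,1\}$2 = \([^,]*\).*|\2|p" ;;
    esac
}

# Demonstration: the slash-only parser goes blank on the new layout.
echo "slash-only, old layout: [$(slash_only_cn "$OLD_FMT")]"
echo "slash-only, new layout: [$(slash_only_cn "$NEW_FMT")]"
echo "both layouts, old:      [$(name_field "$OLD_FMT" CN)]"
echo "both layouts, new:      [$(name_field "$NEW_FMT" CN)]"
```

Passing `-nameopt compat`, as the issue proposes, keeps the output in the old layout so existing parsing continues to work unchanged.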