Closed lukastribus closed 2 years ago
Here are a few different certificate types to test:
check_ssl_cert -H rsa2048.badssl.com
check_ssl_cert -H rsa4096.badssl.com
check_ssl_cert -H rsa8192.badssl.com
check_ssl_cert -H ecc256.badssl.com
check_ssl_cert -H ecc384.badssl.com
Are the certificates always x509 in the PKI? If so, this string may be removed?
Thank you, however this is basically always `sha256WithRSAEncryption`:
$ ./check_ssl_cert --format "%SIGALGO%" -H rsa2048.badssl.com
sha256WithRSAEncryption|days_chain_elem1=78;20;15;; days_chain_elem2=1118;20;15;; days_chain_elem3=768;20;15;;
$ ./check_ssl_cert --format "%SIGALGO%" -H rsa4096.badssl.com
sha256WithRSAEncryption|days_chain_elem1=78;20;15;; days_chain_elem2=1118;20;15;; days_chain_elem3=768;20;15;;
$ ./check_ssl_cert --format "%SIGALGO%" -H ecc256.badssl.com
sha256WithRSAEncryption|days_chain_elem1=78;20;15;; days_chain_elem2=1118;20;15;; days_chain_elem3=768;20;15;;
$
The information is `Peer signature type` and `Server public key is`:
$ openssl s_client -showcerts -connect ecc256.badssl.com:443 2>&1 | grep -e "signature type" -e "Server public key is"
Peer signature type: ECDSA
Server public key is 256 bit
^C
$ openssl s_client -showcerts -connect ecc384.badssl.com:443 2>&1 | grep -e "signature type" -e "Server public key is"
Peer signature type: ECDSA
Server public key is 384 bit
^C
$ openssl s_client -showcerts -connect rsa2048.badssl.com:443 2>&1 | grep -e "signature type" -e "Server public key is"
Peer signature type: RSA
Server public key is 2048 bit
^C
$ openssl s_client -showcerts -connect rsa4096.badssl.com:443 2>&1 | grep -e "signature type" -e "Server public key is"
Peer signature type: RSA
Server public key is 4096 bit
^C
$
The script is currently reading `Signature Algorithm` and not `Public Key Algorithm` and `Public-Key`
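The distinction drawn in the comment above, as an added example that is not part of the original thread or of the check_ssl_cert code: `Signature Algorithm` describes how the issuer signed the certificate, while `Public Key Algorithm` and `Public-Key` describe the key inside it. The function names, the summary format and the two `openssl x509 -noout -text` excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example: read key type and size from `openssl x509 -noout -text` output.
# Both excerpts are constructed samples, trimmed to the relevant lines.

EC_TEXT='Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                ASN1 OID: prime256v1
    Signature Algorithm: sha256WithRSAEncryption'

RSA_TEXT='Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
    Signature Algorithm: sha256WithRSAEncryption'

# Signature Algorithm: how the issuer signed the certificate (first match only).
cert_sig_algo() {
    printf '%s\n' "$1" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Public Key Algorithm: the type of the key carried by the certificate.
cert_key_algo() {
    printf '%s\n' "$1" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Key size; some OpenSSL releases print "RSA Public-Key:", others "Public-Key:".
cert_key_bits() {
    printf '%s\n' "$1" |
        sed -n 's/^ *\(RSA \)\{0,1\}Public-Key: *(\([0-9][0-9]*\) bit).*/\2/p' |
        head -n 1
}

# Hypothetical summary line: "<bits> bit <RSA|EC|raw algorithm name>".
cert_key_summary() {
    algo=$(cert_key_algo "$1")
    bits=$(cert_key_bits "$1")
    case "$algo" in
        rsaEncryption)  kind=RSA ;;
        id-ecPublicKey) kind=EC ;;
        *)              kind=$algo ;;
    esac
    printf '%s bit %s\n' "$bits" "$kind"
}

cert_key_summary "$EC_TEXT"    # 256 bit EC
cert_key_summary "$RSA_TEXT"   # 2048 bit RSA
```

Both samples report the same signature algorithm, so only the public key fields tell an EC certificate apart from an RSA one.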
Fixed in bc4fa02
Great, thank you!
Is your feature request related to a problem? Please describe.
Specifying bit size and certificate type of the certificate in the plugin output.
Describe the solution you'd like
Add something like `2048bit RSA certificate`/`256 bits EC`:
SSL_CERT OK - example.net:443, https, x509 2048 bit RSA certificate 'example.net' from 'ABC Ca' valid until Nov 3 22:59:00 2022 GMT (expires in 71 days)