I extracted netscape certs using the s_client switch. openssl s_client -connect host:port -showcerts > cert.pem
just get rid of everything but the -----Begin Cetificate----- .... -----End Certificate ----- in my case we use verisign certs and am presented with two certs. One being the intermediate cert, the other the server's cert. You can figure out which one is that of the server by the subject above the certificate. Not sure this is always the case. The resulting format is called pem. Ryan > On Fri, Jan 10, 2003 at 04:52:07PM -0000, Dicks, Gareth M wrote: >> Hi, >> >> I'm trying to write an automated script to check for pending expiry >> dates in >> SSL certs. I know how to get this info from a standard cert file in X509 >> format:- >> >> openssl x509 -in cert.cer -enddate >> >> The problem is I have inherited a set of iPlanet web servers with the >> certs >> already loaded with no sign of the original certificates. Does anyone >> know >> ant method of extracting the certs from the iPlanet database into a >> format >> that can be used with openssl? > > could you run s_client to talk to your servers? > >> >> Thanks, >> Gareth >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List [EMAIL PROTECTED] >> Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
