From f3ffcd395193735d4dd2bf40d8352f077567da45 Mon Sep 17 00:00:00 2001
From: Bartomeu Miro Mateu
Date: Fri, 12 Jul 2019 12:50:50 +0200
Subject: [PATCH 1/2] FIX capture subject on Ubuntu 18.04+OpenSSL 1.1.0g

---
 cert-renewal-haproxy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cert-renewal-haproxy.sh b/cert-renewal-haproxy.sh
index 4712a23..5f52652 100755
--- a/cert-renewal-haproxy.sh
+++ b/cert-renewal-haproxy.sh
@@ -66,7 +66,7 @@ renewed_certs=()
 exitcode=0
 while IFS= read -r -d '' cert; do
 if ! openssl x509 -noout -checkend $((4*7*86400)) -in "${cert}"; then
- subject="$(openssl x509 -noout -subject -in "${cert}" | grep -o -E 'CN=[^ ,]+' | tr -d 'CN=')"
+ subject="$(openssl x509 -noout -subject -in "${cert}" | rev | cut -d'=' -f1 | rev | awk '{$1=$1};1')"
 subjectaltnames="$(openssl x509 -noout -text -in "${cert}" | sed -n '/X509v3 Subject Alternative Name/{n;p}' | sed 's/\s//g' | tr -d 'DNS:' | sed 's/,/ /g')"
 domains="-d ${subject}"
 for name in ${subjectaltnames}; do

From db7b142be8e65ea78dabaa007e1ac870c8a7f701 Mon Sep 17 00:00:00 2001
From: Bartomeu Miro Mateu
Date: Fri, 12 Jul 2019 14:15:56 +0200
Subject: [PATCH 2/2] Parsing certificate subject using sed

---
 cert-renewal-haproxy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cert-renewal-haproxy.sh b/cert-renewal-haproxy.sh
index 5f52652..0cd4614 100755
--- a/cert-renewal-haproxy.sh
+++ b/cert-renewal-haproxy.sh
@@ -66,7 +66,7 @@ renewed_certs=()
 exitcode=0
 while IFS= read -r -d '' cert; do
 if ! openssl x509 -noout -checkend $((4*7*86400)) -in "${cert}"; then
- subject="$(openssl x509 -noout -subject -in "${cert}" | rev | cut -d'=' -f1 | rev | awk '{$1=$1};1')"
+ subject="$(openssl x509 -noout -subject -in "${cert}" | sed -r 's/.*CN ?= ?(.*)/\1/')"
 subjectaltnames="$(openssl x509 -noout -text -in "${cert}" | sed -n '/X509v3 Subject Alternative Name/{n;p}' | sed 's/\s//g' | tr -d 'DNS:' | sed 's/,/ /g')"
 domains="-d ${subject}"
 for name in ${subjectaltnames}; do
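Review bot: Taking whatever follows the last `=` on the `-subject` line (the added `rev | cut -d'=' -f1 | rev` pipeline in patch 1/2) only yields the common name when CN is the final attribute of the subject; a subject that ends in another attribute after CN puts that value into `subject`, and from there into the context line `domains="-d ${subject}"`. Selecting the attribute by name is sturdier than selecting it by position, e.g. `openssl x509 -noout -subject -nameopt multiline -in "${cert}" | sed -n 's/^ *commonName *= *//p'`. The enclosing `while`/`if` starts and ends outside the hunk, so how `domains` is expanded later is not visible here. Patch 2/2 rewrites this same line.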
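Review bot: The `sed -r 's/.*CN ?= ?(.*)/\1/'` on the added line in patch 2/2 has no `-n`/`p`, so a certificate whose subject carries no CN passes the whole `subject=...` line through unchanged, and `(.*)` also keeps any attributes that follow CN. Either case puts spaces and commas into `domains="-d ${subject}"`; if that string is expanded unquoted further down (outside this hunk, so inferred), the extra words become separate arguments to the renewal command. I would bound the capture and print only on a match, `sed -n -r 's/.*CN ?= ?([^, ]+).*/\1/p'`, and refuse anything that is not a hostname before using it: `[[ "${subject}" =~ ^[A-Za-z0-9*][A-Za-z0-9.-]*$ ]] || { exitcode=1; continue; }`.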