SSL

Check certificate
https://www.ssllabs.com/ssltest/analyze.html
http://www.panticz.de/Check-SSL-TLS-server-encryption-support

Determine SSL certificate expiration date

# Print only the expiry (notAfter) line of the certificate; -noout suppresses
# the PEM dump that x509 would otherwise append.
openssl x509 -in www.example.com.pem -noout -enddate

List certificate domains

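# Local files: decode each file on its own. Piping a concatenation of several
# files into one `openssl x509` only parses the first certificate in the
# stream, so the remaining files would never be inspected.
# -noout drops the PEM block, whose base64 text could otherwise match "DNS"
# by accident.
# Note: for a file holding a whole chain, only the first certificate is decoded.
for CERT in *.crt *.pem; do
    [ -f "${CERT}" ] || continue    # pattern matched nothing
    printf '%s:\n' "${CERT}"
    openssl x509 -in "${CERT}" -noout -text | grep DNS
done

# Remote server: stdin comes from /dev/null so s_client exits after the
# handshake instead of waiting for input; -servername sends SNI so a
# name-based virtual host answers with the certificate for this hostname.
# s_client does not abort on a failed chain verification by default, so the
# names shown here are what the server presented, not a validated result.
openssl s_client -showcerts -connect www.example.com:443 -servername www.example.com </dev/null \
    | openssl x509 -noout -text \
    | grep DNS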

Remove password from private key

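# Writes the private key WITHOUT passphrase protection: from now on the file
# permissions are the only thing protecting it.
# The subshell umask makes sure a newly created output file is readable by its
# owner only, regardless of the caller's umask or the OpenSSL version in use.
# An already existing www.example.key keeps its current mode - check it.
(
    umask 077
    openssl rsa -in www.example.key.pass -out www.example.key
)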

Cat / deploy certificate to remote host

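# Stream certificate chain + private key from the source host straight into
# the HAProxy bundle on the target host (the key passes through this machine
# only inside the pipe, it is never written to local disk).
# - ${HOST:?} aborts with a message when HOST is unset or empty instead of
#   running ssh with a missing hostname argument.
# - umask 077 / chmod 600 on the target: the bundle contains the private key
#   and must not be created or left group/world readable.
ssh host1.example.com cat /root/certificates/example.com/{fullchain1.pem,privkey1.pem} \
    | ssh "${HOST:?set HOST to the target host}" \
        'umask 077 && cat > /etc/haproxy/ssl/example.com.pem && chmod 600 /etc/haproxy/ssl/example.com.pem'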

Get certificate information

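# Print subject and expiry date of every *.pem file on a single line each.
for CERT in *.pem; do
    # Skip the literal pattern when no file matches.
    [ -f "${CERT}" ] || continue
    # Quoted so file names with spaces or glob characters reach openssl intact.
    openssl x509 -subject -enddate -noout -in "${CERT}" | paste - -
done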
 
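# Show all decoded fields (no PEM dump).
openssl x509 -in cert.pem -noout -text

# Show expiration date (notAfter).
openssl x509 -in cert.pem -noout -enddate

# Show expiration date of the certificate inside a PKCS#12 file.
# -nokeys: only the certificate is needed here, so the private key is never
# written into the pipe (and -passout becomes unnecessary).
# -passin pass: supplies an empty import password; -legacy is the OpenSSL 3.x
# option for files protected with legacy algorithms.
openssl pkcs12 -in cert1.p12 -legacy -nokeys -passin pass: | openssl x509 -noout -enddate

# Show start date (notBefore).
openssl x509 -in cert.pem -noout -startdate

# Show the DNS names the certificate contains.
# Only the first certificate of fullchain.pem is decoded.
openssl x509 -in fullchain.pem -noout -text | grep DNS

# Show the issuer.
openssl x509 -in cert.pem -noout -text | grep Issuer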

Show expiration date for multiple certificates

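# Print "<directory>: notAfter=..." for every cert*.pem found one level below
# the current directory.
# The shell expands the globs directly: no `eval` and no word-splitting of
# `find` output, so a directory name containing spaces or shell
# metacharacters is treated as data and never executed.
for DIR in */; do
    DIR=${DIR%/}
    # Skip the unexpanded pattern (no directories) and symlinks, matching the
    # behaviour of `find -type d`.
    if [ ! -d "${DIR}" ] || [ -L "${DIR}" ]; then
        continue
    fi
    FOUND=0
    for CERT in "${DIR}"/cert*.pem; do
        [ -f "${CERT}" ] || continue
        FOUND=1
        printf '%s: ' "${DIR}"
        openssl x509 -enddate -noout -in "${CERT}"
    done
    if [ "${FOUND}" -eq 0 ]; then
        printf '%s: no cert*.pem found\n' "${DIR}" >&2
    fi
done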

Merge certificate

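# Generate the DH parameters that are appended to the bundle.
openssl dhparam -out dh_parameters.out 2048

# Build the bundle: certificate, intermediate, root, private key, DH params.
# The bundle contains the private key, so it is created under umask 077
# (owner-only) instead of the caller's default umask. An already existing
# _.example.com.pem keeps its current mode - check it.
# NOTE: *.key matches every key file in the current directory; make sure only
# the key belonging to this certificate is present.
(
    umask 077
    for FILE in __example_com.crt QuoVadis_Global_SSL_ICA_G2.crt QuoVadis_Root_CA_2.crt *.key dh_parameters.out; do
        cat "${FILE}"
        echo
    done | sed -e 's/\r//g' -e '/^$/d' > _.example.com.pem    # strip CRs, drop empty lines
)

# Deploy the bundle.
# --chmod alone is only applied to newly created destination files; --perms
# makes rsync also set mode 400 on a bundle that already exists on the target.
rsync --perms --chmod=400 _.example.com.pem root@www1.example.com:/etc/haproxy/ssl/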

Letsencrypt
http://www.panticz.de/letsencrypt

Test mailserver SSL
https://ssl-tools.net/mailservers/

Online certificate test
https://www.ssllabs.com/ssltest/analyze.html

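# Check a local certificate (decoded fields followed by the PEM block).
openssl x509 -text -in /etc/ssl/certs/example.com.pem

# Check the certificate a remote server presents.
# stdin comes from /dev/null so s_client exits after the handshake instead of
# waiting for input; -servername sends SNI so a name-based virtual host
# answers with the certificate for this hostname.
# s_client keeps going when chain verification fails: problems only show up as
# "verify error" lines on stderr, the certificate is printed either way.
openssl s_client -connect example.com:443 -servername example.com </dev/null \
    | openssl x509 -text -noout

# Open a STARTTLS session to an SMTP server. This one stays interactive;
# check the "Verify return code" line in the session summary, then end the
# session with QUIT or Ctrl-D.
openssl s_client -starttls smtp -connect smtp.example.com:25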

OpenStack Wildcard
https://blog.sleeplessbeastie.eu/2016/11/14/how-to-generate-self-signed-ssl-certificate/

Links
http://panticz.de/apache2_openssl_certificate
http://www.panticz.de/Install-SSL-CA-Certificate