Forum Discussion
Dec 21, 2016
Good stuff. Then if the output you got from the script was ONLY errors you should be sha1 free. 🙂
You can try this script as well to get some more output. If it works as expected you should see:
Here's the sha1 certificates:
... list of SHA1 certificates if any
Here's the SHA256/384/512 certificates:
... list of SHA256/384/512 certificates
And here's the script:
# Pass 1: certificates whose "Signature Algorithm" line mentions sha1
echo "Here's the sha1 certificates:"
for c in /config/ssl/ssl.crt/certificate_d/*
do
    # Word-split the matching lines; element 2 is the algorithm name
    arr=($(openssl x509 -noout -text -in "${c}" | grep -E "sha1"))
    if [ -n "${arr[2]}" ]
    then
        echo "SHA1: ${c##*/}"
    fi
done
# Pass 2: certificates signed with SHA256/384/512
echo "Here's the SHA256/384/512 certificates:"
for c in /config/ssl/ssl.crt/certificate_d/*
do
    arr2=($(openssl x509 -noout -text -in "${c}" | grep -E 'Signature[[:space:]]Algorithm:[[:space:]]+(sha|SHA)(256|384|512)'))
    if [ -n "${arr2[2]}" ]
    then
        echo "SHA256/384/512: ${c##*/}"
    fi
done
Please ignore the certificates that had errors before. I don't have access to a Linux shell at the moment so I can't write a reliable script to filter them out.
/Patrik
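An added example, not part of the original post: one way to do the same check in a single pass while reporting files that openssl cannot parse instead of printing errors, and also catching names such as ecdsa-with-SHA256 that the pattern above does not match. The function names `sig_class`, `cert_sig_alg` and `scan_dir` are hypothetical; the directory is passed as an argument.

```bash
#!/usr/bin/env bash
# Added example (assumed helper names). Usage, with the path from the post:
#   ./sigscan.sh /config/ssl/ssl.crt/certificate_d

# Map an OpenSSL signature algorithm name to sha1 / sha2 / other.
# Case-insensitive, so sha1WithRSAEncryption and ecdsa-with-SHA1 both match.
sig_class() {
    local alg
    alg=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$alg" in
        *sha1*)                     echo sha1 ;;
        *sha256*|*sha384*|*sha512*) echo sha2 ;;
        *)                          echo other ;;  # e.g. md5, RSASSA-PSS: review by hand
    esac
}

# Print the certificate's signature algorithm name.
# Returns non-zero when the file is not a certificate openssl can parse.
cert_sig_alg() {
    local alg
    alg=$(openssl x509 -noout -text -in "$1" 2>/dev/null |
          awk -F': *' '/Signature Algorithm:/ { print $2; exit }')
    [ -n "$alg" ] && printf '%s\n' "$alg"
}

# Report each file in a directory as "<class>: <file> (<algorithm>)".
scan_dir() {
    local f alg
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if alg=$(cert_sig_alg "$f"); then
            printf '%s: %s (%s)\n' "$(sig_class "$alg")" "${f##*/}" "$alg"
        else
            printf 'skipped: %s (not a readable certificate)\n' "${f##*/}"
        fi
    done
}

# Only scan when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
fi
```

Piping the output through `grep '^sha1:'` leaves only the certificates that still need replacing.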