Extract the full SSL certificate chain from a URL

These commands extract every certificate in the SSL chain that a server presents. To use them, replace <server_URL> with the address of the server you want to process:

    # Save each certificate the server sends as cert1.pem, cert2.pem, ...
    openssl s_client -showcerts -verify 5 -connect <server_URL>:443 < /dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="cert"a".pem"; print >out}'
    # Rename each file after the Common Name of the certificate it holds
    for cert in cert*.pem; do newname=$(openssl x509 -noout -subject -in "$cert" | sed -n 's/^.*CN *= *\(.*\)$/\1/; s/[ ,.*]/_/g; s/__/_/g; s/^_//g;p').pem; mv "$cert" "$newname"; done

The commands will create 3 separate files, each one named after the Common Name of the corresponding certificate.
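
To check what was extracted, the added example below (not part of the original post) reads the same s_client -showcerts output and reports whether each certificate's issuer matches the subject of the next one. The function names chain_report and sample_output are hypothetical, and the sample text is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Names here are hypothetical.
# chain_report reads `openssl s_client -showcerts` output on stdin, prints
# "<depth> <status> <subject>" per certificate, and returns non-zero when a
# certificate's issuer is not the subject of the next one. Names only are
# compared; signatures are not verified.
chain_report() {
    awk '
        /^ *[0-9]+ s:/ {            # e.g. " 0 s:CN = www.example.test"
            last = $1; sub(/^ *[0-9]+ s:/, ""); subj[last] = $0; n++; next
        }
        /^ +i:/ && n > 0 {          # issuer line that follows the subject
            sub(/^ +i:/, ""); iss[last] = $0; next
        }
        END {
            if (n == 0) { print "no certificates found"; exit 2 }
            bad = 0
            for (d = 0; d < n; d++) {
                if (subj[d] == iss[d])          status = "self-signed"
                else if (d == n - 1)            status = "top-of-chain"
                else if (iss[d] == subj[d + 1]) status = "linked"
                else { status = "BROKEN"; bad = 1 }
                printf "%d %s %s\n", d, status, subj[d]
            }
            exit bad
        }
    '
}

# Constructed sample in the layout s_client prints; not real certificate data.
sample_output() {
    cat <<'EOF'
Certificate chain
 0 s:CN = www.example.test
   i:C = XX, O = Example, CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
 1 s:C = XX, O = Example, CN = Example Intermediate CA
   i:C = XX, O = Example, CN = Example Root CA
EOF
}

sample_output | chain_report
```

To run it against a live server, pipe the output of the openssl s_client command above into chain_report instead of sample_output. A "top-of-chain" status means the last certificate sent was issued by a CA the server did not include, which is normal when the root is expected to come from the client's trust store.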

FortiClient SSL VPN: failure stages

FortiClient SSL VPN failure stages and what they mean. If FortiClient fails at one of the following stages, the likely cause is as follows:

  • 10% – Local Network/PC issue
  • 40% – Application or the FortiGate causing the error, occasionally caused by the local machine's/network setup
  • 45% – Multi-factor authentication
  • 80% – Username/password issue
  • 98% – Corruption of services, often resolved by reinstalling the client on the laptop

SSL in Varnish Cache Plus

Varnish Software announced that they have finished implementing SSL in Varnish Cache Plus.

The release will happen at the Varnish Summit in Silicon Valley in early June.

Varnish Cache Plus is both an HTTP server and an HTTP client, and both implementations will have SSL enabled. The HTTP server side, i.e. the client-facing SSL, is perhaps the more significant one, enabling Varnish Cache Plus to encrypt traffic between the client and Varnish.

Read more at: SSL in Varnish Cache Plus