Using a zonefile to find all servers using a wildcard SSL certificate

I recently had to renew a wildcard SSL certificate. The certificate is used on a couple of servers, and I was too lazy to look through all of my Ansible repositories to find out which ones.

A friend had the idea to use the zone file for that domain. I pulled the zone file, stripped it down to the subdomain labels (dropping the TTLs, record types and record data), then de-duplicated and sorted the list.

That left a long list of subdomain labels. A simple loop (fish shell) connects to each host with openssl and prints either an error or the certificate's validity dates.

for i in (cat zonefile)
    echo $i
    # -servername sends SNI, so a host serving several names returns the
    # certificate for $i.<DOMAIN> instead of its default one; -subject shows
    # whether the CN is the wildcard
    echo \
    | openssl s_client -connect $i.<DOMAIN>:443 -servername $i.<DOMAIN> 2> /dev/null \
    | openssl x509 -noout -subject -dates
end
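The same procedure as an added example in Python (this is not code from the original post): parse the zone file into a unique, sorted list of connectable names, do a TLS handshake with SNI against each, and report whether the served certificate is a wildcard and how many days it has left. The sample zone and the certificate dict are constructed for the example, and example.com stands in for the author's <DOMAIN>; the parser handles $ORIGIN, the @ owner, relative and absolute owner names, owner names inherited from the previous line, and skips wildcard owners and non-endpoint record types.

```python
from __future__ import annotations
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample zone (not from the original post); example.com stands in
# for the author's <DOMAIN>. It mixes the owner-name forms a real dump contains.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@       IN  SOA   ns1.example.com. hostmaster.example.com. (2024010101 7200 900 1209600 300)
@       IN  A     192.0.2.10          ; zone apex
www     IN  A     192.0.2.10
        IN  AAAA  2001:db8::10        ; blank owner column: same owner as above
api     IN  CNAME www
mail    IN  A     192.0.2.20
*       IN  A     192.0.2.10          ; wildcard record, not a connectable host
_acme-challenge.www IN TXT "token"    ; not a TLS endpoint
old.example.com.    IN A 192.0.2.30   ; absolute owner name
"""

SAMPLE_CERT = {  # constructed, in the layout ssl.getpeercert() returns
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
    "notAfter": "Jun  1 12:00:00 2025 GMT"}
SAMPLE_NOW = datetime(2025, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

RECORD_TYPES = {"A", "AAAA", "CNAME"}  # record types that can name a TLS endpoint

def zone_hostnames(zone_text: str, origin: str = "") -> list[str]:
    """Sorted, de-duplicated FQDNs that own A/AAAA/CNAME records in a zone file."""
    names: set[str] = set()
    last_owner: str | None = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if line.startswith("$"):  # $ORIGIN sets the suffix; skip $TTL and the rest
            if line.startswith("$ORIGIN"):
                origin = line.split()[1].rstrip(".")
            continue
        fields = line.split()
        if line[0].isspace():  # blank owner column inherits the previous owner
            owner = last_owner
        else:
            owner, fields = fields[0], fields[1:]
        last_owner = owner
        # Skip optional TTL and class so the record type comes first.
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields = fields[1:]
        if not fields or fields[0].upper() not in RECORD_TYPES:
            continue
        if not owner or owner.startswith("*"):  # wildcards cannot be connected to
            continue
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        if fqdn := owner.rstrip("."):
            names.add(fqdn)
    return sorted(names)

def is_wildcard_cert(cert: dict) -> bool:
    """True if a DNS SAN or the subject CN is a wildcard name."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(name.startswith("*.") for name in sans + cns)

def days_until_expiry(cert: dict, now: datetime) -> int:
    """Whole days from `now` until the certificate's notAfter."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()) // 86400)

def fetch_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """TLS handshake with SNI; returns the validated leaf certificate as a dict.
    Validation stays on because getpeercert() returns no fields for an unvalidated
    chain, so an already-expired or mismatched certificate surfaces as an SSLError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # server_hostname sets SNI, so a server hosting several names answers
        # with the certificate for this name rather than its default one.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(zone_text: str, now: datetime | None = None) -> list[dict]:
    """The whole procedure: one result row per connectable name in the zone."""
    now = now or datetime.now(timezone.utc)
    rows = []
    for host in zone_hostnames(zone_text):
        try:
            cert = fetch_cert(host)
        except OSError as exc:  # socket errors and ssl.SSLError are both OSError
            rows.append({"host": host, "error": str(exc)})
            continue
        rows.append({"host": host, "wildcard": is_wildcard_cert(cert),
                     "days_left": days_until_expiry(cert, now)})
    return rows

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE))
```

Run against a real zone dump it prints one row per name: an error for hosts that are unreachable, serve no TLS or already fail validation, and otherwise whether the served certificate is the wildcard and its remaining lifetime. Because validation stays on, a certificate that has already expired shows up as an error row rather than a date, so run this before the renewal deadline.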

That told me which hosts serve the wildcard certificate and which certificates were about to expire.

Maybe I should start working on a central SSL termination…