Using a zonefile to find all servers using a wildcard SSL certificate

I recently had to renew a wildcard SSL certificate. The certificate is being used on a couple of servers and I was too lazy to look through all of my Ansible repositories to find out where.

A friend had the idea to use the zone file for that domain. I pulled the zone file, stripped it down to the subdomains (removing all other record information), de-duplicated and sorted it.

Now I had a long list of subdomains/strings. A simple loop connects to each of them using openssl and prints either an error or the certificate dates.

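# fish shell; "zonefile" holds one subdomain label per line
for i in (cat zonefile)
    echo $i
    # -servername sends SNI explicitly, so the server presents the certificate
    # for this hostname (OpenSSL before 1.1.1 does not send it by default)
    echo \
    | openssl s_client -connect $i.<DOMAIN>:443 -servername $i.<DOMAIN> 2> /dev/null \
    | openssl x509 -noout -dates
end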

So I knew which servers were using the wildcard certificate and which were about to expire.
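The "strip the zone file down to subdomains" step is not shown above. One way to do it is sketched here as an added example, not the author's code, written in POSIX sh rather than fish; the function names `zone_hosts` and `sample_zone`, the zone `example.test` and all of its records are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample zone in BIND master-file syntax.
sample_zone() {
cat <<'EOF'
$ORIGIN example.test.
$TTL 3600
@       IN SOA ns1.example.test. hostmaster.example.test. (
            2024010101 ; serial
            7200 3600 1209600 3600 )
        IN NS  ns1
@       IN A   192.0.2.1
*       IN A   192.0.2.1
www     IN A   192.0.2.10
www     IN AAAA 2001:db8::10
mail 300 IN A  192.0.2.20
        IN MX  10 mail
shop.example.test. IN CNAME www
_dmarc  IN TXT "v=DMARC1; p=none"
EOF
}

# zone_hosts ORIGIN < zonefile
# Prints the unique, sorted labels (relative to ORIGIN) that own A, AAAA or
# CNAME records, i.e. the names worth probing on port 443.
zone_hosts() {
    awk -v origin="$1" '
        { sub(/;.*/, "") }                    # drop comments
        /^\$/ || /^[ \t]*$/ { next }          # skip directives and blank lines
        {
            # A line that starts with whitespace inherits the previous owner.
            inherited = ($0 ~ /^[ \t]/)
            if (inherited) name = last; else { name = $1; last = name }
            # Skip optional TTL and class; the next field is the record type.
            type = ""
            for (i = (inherited ? 1 : 2); i <= NF; i++) {
                if ($i ~ /^[0-9]+[smhdwSMHDW]?$/ || toupper($i) == "IN") continue
                type = toupper($i); break
            }
            if (type != "A" && type != "AAAA" && type != "CNAME") next
            # Turn an absolute name inside the zone into a relative label.
            name = tolower(name); suffix = "." tolower(origin) "."
            n = length(name) - length(suffix)
            if (n > 0 && substr(name, n + 1) == suffix) name = substr(name, 1, n)
            # Drop the apex, wildcard owners and names outside the zone.
            if (name == "@" || name ~ /^\*/ || name ~ /\.$/) next
            print name
        }
    ' | sort -u
}

sample_zone | zone_hosts example.test
```

The output is one label per line, which is the input format the loop above expects.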

Maybe I should start working on a central SSL termination…

 