#!/bin/bash
#
# Show SSL Certificate info with openssl.
# Inspired by https://cheat.sh/openssl
#

# Alternativen aus https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html
# echo | openssl s_client -connect www.gaiselmann.de:443 2>&1 | openssl x509 -noout -text -fingerprint -sha256
# echo | openssl s_client -connect www.gaiselmann.de:443 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
#
function show-cert() {
    local host=$1
    local port=${2:-443}
    local type=${3:short}

    echo "Certificate info for $host:$port"
    echo
    if [ "$type" == "pem" ]; then
        echo | openssl s_client -connect "$host:$port" 2> /dev/null | \
            awk '/-----BEGIN/,/END CERTIFICATE-----/'
    else
        echo | openssl s_client -connect "$host:$port" 2> /dev/null | \
            awk '/-----BEGIN/,/END CERTIFICATE-----/' | \
            openssl x509 -noout -subject -dates
    fi
}

if [ $# -lt 1 ]; then
    echo "Usage: $0 <option> host <port>"
    echo
    echo "    host:     hostname to get Certificate"
    echo "    port:     optional port (default is 443)"
    echo "    options:  "
    echo "          -v  verbose, print certificate (PEM format)"
    exit 42
fi

while getopts "v" opt; do
    case $opt in
        v)
            shift
            type=pem
            ;;
        *)
            ;;
    esac
done

show-cert "$1" "$2" "$type"