Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update certificate "report" format to indicate SANs list count for SANs entries line #630

Open
atc0005 opened this issue Aug 3, 2023 · 0 comments
Open

Update certificate "report" format to indicate SANs list count for SANs entries line #630

atc0005 opened this issue Aug 3, 2023 · 0 comments
Assignees
@atc0005
Labels
app/lscert enhancement New feature or request output/extended Long Service Output (aka, "extended" or "detailed") plugin/check_cert
Milestone
v0.19.0

Comments

@atc0005
Copy link
Owner

atc0005 commented Aug 3, 2023

Current output from running lscert against go.dev:

$ lscert go.dev


======================
CERTIFICATES | SUMMARY
======================

- OK: 3 certs retrieved for service running on go.dev (216.239.32.21) at port 443 using host value "go.dev"
- OK: Hostname validation using value "go.dev" successful for leaf certificate
- OK: SANs List validation ignored: 0 SANs entries specified, 1 SANs entries on leaf cert [0 EXPECTED, 0 MISSING, 0 UNEXPECTED]
- OK: Expiration validation successful: leaf cert "go.dev" expires next with 73d 15h remaining (until 2023-10-16 04:54:45 +0000 UTC) [EXPIRED: 0, EXPIRING: 0, OK: 3]


============================
CERTIFICATES | CHAIN DETAILS
============================

Certificate 1 of 3 (leaf):
        Name: CN=go.dev
        SANs entries: [go.dev]
        Issuer: CN=GTS CA 1D4,O=Google Trust Services LLC,C=US
        Serial: 31:29:1A:D6:FB:1C:DA:63:0A:28:30:F3:E0:21:A6:53
        Issued On: 2023-07-18 04:12:38 +0000 UTC
        Expiration: 2023-10-16 04:54:45 +0000 UTC
        Status: [OK] 73d 15h remaining

Certificate 2 of 3 (intermediate):
        Name: CN=GTS CA 1D4,O=Google Trust Services LLC,C=US
        SANs entries: []
        Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US
        Serial: 02:00:8E:B2:02:33:36:65:8B:64:CD:DB:9B
        Issued On: 2020-08-13 00:00:42 +0000 UTC
        Expiration: 2027-09-30 00:00:42 +0000 UTC
        Status: [OK] 1518d 10h remaining

Certificate 3 of 3 (intermediate):
        Name: CN=GTS Root R1,O=Google Trust Services LLC,C=US
        SANs entries: []
        Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
        Serial: 77:BD:0D:6C:DB:36:F9:1A:EA:21:0F:C4:F0:58:D3:0D
        Issued On: 2020-06-19 00:00:42 +0000 UTC
        Expiration: 2028-01-28 00:00:42 +0000 UTC
        Status: [OK] 1638d 10h remaining

Proposed change:

- SANs entries: [go.dev]
+ SANs entries (1): [go.dev]

Offhand I don't recall whether certsum provides SANs list indicators.
@atc0005 atc0005 added enhancement New feature or request plugin/check_cert app/lscert output/extended Long Service Output (aka, "extended" or "detailed") labels Aug 3, 2023
@atc0005 atc0005 added this to the Future milestone Aug 3, 2023
@atc0005 atc0005 self-assigned this Aug 3, 2023
@atc0005 atc0005 modified the milestones: Future, Next Next Release Sep 25, 2024
@atc0005 atc0005 pinned this issue Sep 25, 2024
atc0005 added a commit that referenced this issue Sep 26, 2024
@atc0005
Add SANs list count to cert summary output
929734d 
Minor tweak to the "SANs entries" line in summary output to
include the total count of SANs entries for the cert or
"None" in place of the previous set of empty brackets.

refs GH-630
@atc0005 atc0005 mentioned this issue Sep 26, 2024
Merged
@atc0005 atc0005 unpinned this issue Sep 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atc0005 atc0005

Labels
app/lscert enhancement New feature or request output/extended Long Service Output (aka, "extended" or "detailed") plugin/check_cert
Projects
None yet
Milestone
v0.19.0
Development

No branches or pull requests
1 participant
@atc0005