@@ -313,33 +313,34 @@ is_web_domain_cert_valid() {
313313
314314 crt_vrf=$( openssl verify $ssl_dir /$domain .crt 2>&1 )
315315 if [ ! -z " $( echo $crt_vrf | grep ' unable to load' ) " ]; then
316- echo " Error: certificate is not valid"
316+ echo " Error: SSL Certificate is not valid"
317317 log_event " $E_INVALID " " $EVENT "
318318 exit $E_INVALID
319319 fi
320320
321321 if [ ! -z " $( echo $crt_vrf | grep ' unable to get local issuer' ) " ]; then
322322 if [ ! -e " $ssl_dir /$domain .ca" ]; then
323- echo " Error: certificate authority not found"
323+ echo " Error: Certificate Authority not found"
324324 log_event " $E_NOTEXIST " " $EVENT "
325325 exit $E_NOTEXIST
326326 fi
327327 fi
328328
329329 if [ -e " $ssl_dir /$domain .ca" ]; then
330- crt_vrf=$( openssl verify -purpose sslserver \
331- -CAfile $ssl_dir /$domain .ca $ssl_dir /$domain .crt 2> /dev/null | \
332- grep ' OK' )
333- if [ -z " $crt_vrf " ]; then
334- echo " Error: root or/and intermediate cerificate not found"
330+ s1=$( openssl x509 -text -in $ssl_dir /$domain .crt 2> /dev/null)
331+ s1=$( echo " $s1 " | grep Issuer | awk -F = ' {print $6}' | head -n1)
332+ s2=$( openssl x509 -text -in $ssl_dir /$domain .ca 2> /dev/null)
333+ s2=$( echo " $s2 " | grep Subject | awk -F = ' {print $6}' | head -n1)
334+ if [ " $s1 " != " $s2 " ]; then
335+ echo " Error: SSL intermediate chain is not valid"
335336 log_event " $E_NOTEXIST " " $EVENT "
336337 exit $E_NOTEXIST
337338 fi
338339 fi
339340
340341 key_vrf=$( grep ' PRIVATE KEY' $ssl_dir /$domain .key | wc -l)
341342 if [ " $key_vrf " -ne 2 ]; then
342- echo " Error: ssl key is not valid"
343+ echo " Error: SSL Key is not valid"
343344 log_event " $E_INVALID " " $EVENT "
344345 exit $E_INVALID
345346 fi
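Review bot: The replacement check at new lines 330-334 no longer verifies the chain cryptographically. It compares only the sixth `=`-separated field of the certificate's Issuer line with the same field of the CA file's Subject line, so a CA file whose subject text matches is accepted regardless of signature, validity period or purpose. The comparison also succeeds when both values are empty, which happens when `openssl x509` cannot parse either file (stderr is discarded) or the names have fewer than six fields; at minimum the guard should read `if [ -z "$s1" ] || [ "$s1" != "$s2" ]; then`. If the removed `openssl verify -purpose sslserver -CAfile ...` call was dropped because bundles without a root failed (an inference, the commit does not say), keeping it with `-partial_chain` and testing its exit status would preserve real verification instead of a name match. `is_web_domain_cert_valid` starts above this hunk, so earlier validation of `$domain` is not visible here.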