
How do I verify the certificate of a specific computer when the DNS gives me one of many IP addresses?

Unix & Linux Asked on December 15, 2021

I have a cloud setup with 6 front end computers using Apache. I installed a new SSL certificate. Now I want to verify that all the machines have the certificate.

The problem is if I just use https://www.example.com/ the IP address is going to be randomly assigned and I will be able to verify one of the computers. The DNS returns one of the 6 IP addresses in a simple form of round robin.

I know how to force the IP address on my computer using the /etc/hosts file, but I am hoping that there could be an easier way to do that. Like using curl and specifying the IP address along with the domain name?

I prefer to have it as command line (wget, curl, open_ssl…) so that way I can write a script and verify the date of the certificate in an automated way and make sure all the computers present the correct certificate. The command should download the certificate so it can be checked on my client computer.

One Answer

You can give an explicit IP address to curl for the site in question, i.e.

$ curl --resolve example.com:443:192.0.2.4 https://example.com

You can also use openssl s_client with the IP and give an explicit hostname for SNI:

$ openssl s_client -connect 192.0.2.4:443 -servername example.com

Answered by Steffen Ullrich on December 15, 2021
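
The automated check the question asks for can be built on the openssl s_client invocation from the answer. The script below is an added example, not part of the original answer: it fetches the certificate from each front-end IP with the hostname sent as SNI, then compares SHA-256 fingerprints and prints each expiry date. The function names, the script name and the 192.0.2.x addresses are assumptions for illustration.

```sh
#!/bin/sh
# Added example. Usage: sh check_certs.sh www.example.com 192.0.2.4 192.0.2.5 ...
# The script name and the addresses are placeholders; IPv4 on port 443 is assumed.

# Print the leaf certificate (PEM) the server at IP $1 presents for SNI name $2.
fetch_cert() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM 2>/dev/null
}

# Read "ip<TAB>sha256-fingerprint<TAB>notAfter" lines on stdin, print one status
# line per host, and return 1 if any host gave no certificate or its fingerprint
# differs from the first one seen.
compare_hosts() {
    awk -F '\t' '
        $2 == ""  { print "FAIL     " $1 " (no certificate retrieved)"; bad = 1; next }
        ref == "" { ref = $2 }
        $2 != ref { print "MISMATCH " $1 " " $2; bad = 1; next }
                  { print "OK       " $1 " expires " $3 }
        END       { exit bad + 0 }'
}

main() {
    host=$1; shift
    for ip in "$@"; do
        fp=; end=
        if pem=$(fetch_cert "$ip" "$host"); then
            fp=$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2)
            end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate | cut -d= -f2)
        fi
        printf '%s\t%s\t%s\n' "$ip" "$fp" "$end"
    done | compare_hosts
}

# Only contact servers when a hostname and at least one IP are given.
if [ "$#" -ge 2 ]; then main "$@"; fi
```

The first address that returns a certificate is used as the reference, so confirm its fingerprint against the certificate you installed. The exit status is non-zero when any machine differs or cannot be reached, which makes the script usable from cron or a deployment job.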
