diff options
author | Aaron LI <aaronly.me@gmail.com> | 2016-02-03 14:24:07 +0800 |
---|---|---|
committer | Aaron LI <aaronly.me@gmail.com> | 2016-02-03 14:24:07 +0800 |
commit | f65c459b51bd1a1e4453a89512508de74f52e5b1 (patch) | |
tree | 3c78007c654103ee3f07d9f0fff500c835bd7e67 | |
parent | 20bda32d5ec8393fe28422d453207fa261a4b09a (diff) | |
download | dotfiles-f65c459b51bd1a1e4453a89512508de74f52e5b1.tar.bz2 |
Add _bin/get_cert.sh; Update README.md
-rw-r--r-- | README.md | 16 | ||||
-rwxr-xr-x | _bin/get_cert.sh | 39 |
2 files changed, 54 insertions, 1 deletions
@@ -7,15 +7,29 @@ Personal & collected dotfiles ~~~ * `freebsd`: FreeBSD-specific configurations +# Configuration Notes + +## Gmail IMAP +* 'Auto-Expunge' => off: for better performance + +## msmtp: TLS +* ``tls_fingerprint``: + ``$ msmtp --serverinfo --tls --tls-certcheck=off --host=<host>`` + +## offlineimap: fingerprint +Use the little script ``_bin/get_cert.sh`` + # Explicit home or other path Following files contains (at least currently) the *explicit* home or other paths: +* ``_notmuch-config``: database.path * ``_config/alot/config``: maildir + Distributed under MIT License. Aaron LI -GnuPG key: Aaron LI <aaronly.me@gmail.com> +GnuPG key: Aaron LI <aaronly.me@gmail.com> <aaronly.me@outlook.com> Fingerprint: AC34 64FA DAAE 6321 8609 9CA6 240E 2A63 5D72 729A diff --git a/_bin/get_cert.sh b/_bin/get_cert.sh new file mode 100755 index 0000000..3cf44d1 --- /dev/null +++ b/_bin/get_cert.sh @@ -0,0 +1,39 @@ +#!/bin/sh +# +# Get the certificate of a server +# +# Reference: +# [1] ArchWiki - Isync +# https://wiki.archlinux.org/index.php/Isync +# +# Aaron LI +# Created: 2016-01-30 +# + +if [ $# -ne 1 ] && [ $# -ne 2 ]; then + echo "Usage:" + echo " `basename $0` <host>:<port> [ output.pem ]" + exit 1 +fi + +SERVER="$1" +HOST=`echo "${SERVER}" | cut -d':' -f1` +PORT=`echo "${SERVER}" | cut -d':' -f2` +PEM="$2" +[ -z "${PEM}" ] && PEM="${HOST}.pem" + +openssl s_client -connect ${HOST}:${PORT} -showcerts 2>&1 < /dev/null | \ + sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \ + sed -ne '1,/-END CERTIFICATE-/p' > ${PEM} + +FINGERPRINT=`openssl x509 -noout -in ${PEM} -fingerprint -sha1 | cut -d'=' -f2` +FINGERPRINT2=`echo "${FINGERPRINT}" | tr -d ':' | tr '[[:upper:]]' '[[:lower:]]'` + +NOT_BEFORE=`openssl x509 -noout -in ${PEM} -dates | grep 'notBefore' | cut -d'=' -f2` +NOT_AFTER=`openssl x509 -noout -in ${PEM} -dates | grep 'notAfter' | cut -d'=' -f2` + +echo "Fingerprint_SHA1: ${FINGERPRINT} / ${FINGERPRINT2}" +echo "Validity: ${NOT_BEFORE} - ${NOT_AFTER}" +echo "Certificate save to file: ${PEM}" +echo "Place the certificate to a cert directory, and rehash with 'c_rehash'" + |