我们为基础设施配备了定制的 CA 证书
我编写了 puppet 模块来安装 CA 证书:
exec {"update-ca-trust extract":
path => ['/bin', '/usr/bin', '/sbin'],
provider => shell,
command => "update-ca-trust extract",
unless => "awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt | grep Custom",
}
我的问题仅与此字符串有关:
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt | grep CustomCAcertificate
有没有更好的方法来检查 CentOS 上是否存在自定义 CA 证书?