
How to send openssl s_client -connect stdout and stderr to /dev/null?


I have the following bash script that checks the existence of a given SSL client certificate in Apache.

#!/bin/bash
cert=$1
echo | openssl s_client -connect localhost:443 | grep -q "$cert" > /dev/null 2>&1
if [ $? -eq 0 ]; then
  echo "$cert" "client cert already exist"
else
  # Create a new client cert in Apache
  :  # no-op so the otherwise empty branch parses
fi

Even though I am sending stdout and stderr of the openssl command to /dev/null, the command is still showing the following error on the console!

depth=3 C = OM, O = ORG, OU = For Staging, CN = ROOT CA - 1
verify error:num=19:self signed certificate in certificate chain
verify return:0
/C=om/O=o/CN=MY_CERT
DONE


Solution

  • The problem is that you're not actually sending openssl's stderr to /dev/null, but grep's.

    To send openssl's stderr to /dev/null you need to put the redirection into the same part of the pipe as the openssl invocation. And as you're using grep -q you don't need any I/O redirection on grep.

    This should do it:

    echo | openssl s_client -connect localhost:443 2>/dev/null | grep -q "$cert"
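
The effect of where the redirection sits can be reproduced offline. This is an added example, not part of the original answer: `fake_s_client`, `check_leaky`, `check_quiet` and `stderr_of` are hypothetical names, the stand-in replaces a live `openssl s_client` with constructed output modelled on the question, and `grep -F --` (literal match, no option parsing of the name) is an addition the answer does not use.

```shell
#!/bin/bash
# Constructed stand-in for `openssl s_client`: session data goes to stdout,
# verification diagnostics go to stderr (sample text modelled on the question).
fake_s_client() {
  echo "/C=om/O=o/CN=MY_CERT"
  echo "verify error:num=19:self signed certificate in certificate chain" >&2
}

# Redirection attached to grep only: it silences grep, not the producer,
# so the producer's stderr still reaches the caller's terminal.
check_leaky() {
  fake_s_client | grep -q -F -- "$1" >/dev/null 2>&1
}

# Redirection attached to the producing command: its stderr is discarded.
# grep -q prints nothing, so it needs no redirection of its own.
check_quiet() {
  fake_s_client 2>/dev/null | grep -q -F -- "$1"
}

# Run a command and return only what it wrote to stderr.
stderr_of() {
  "$@" 2>&1 >/dev/null
}

echo "leaky stderr: [$(stderr_of check_leaky MY_CERT)]"
echo "quiet stderr: [$(stderr_of check_quiet MY_CERT)]"
```

In both forms the exit status of the pipeline is grep's, so `if check_quiet "$cert"; then ...` can replace the separate `$?` test.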