#!/bin/bash

[[ -z $2 ]] && echo -e \\n\\tusage: ${0##*/} \<host\> \<port\>\\n && exit 1

host=$1
port=$2

echo Q | openssl s_client -showcerts --verify_return_error -servername $host -connect $host:$port \
	-CAfile /etc/ssl/cacert.pem 2>/dev/null | grep Verif

# needs -untrusted for intermediate, using stdin doesn't work
#echo Q | openssl s_client -showcerts -servername $host -connect $host:$port 2>/dev/null \
#	| openssl verify -show_chain -CAfile /etc/ssl/cacert.pem