x509lint is another popular Certificate Linter. It's written in C and should run nicely on the appliance.
Do the same thing with x509lint as we have previously done with ZLint, i.e.
- Write a script for pulling the source from GitHub, compiling a binary and packaging it as an additive for appliance.
- Create a wrapper script if necessary.
- Test the linter with EJBCA using an External Command Certificate Validator.
- Update the documentation on Confluence.
It appears to be using the same output syntax as certlint:
Messages will be output one per line. Each line will start with a single capital letter, a colon, and a space. The letters indicate the type of message:
B: Bug. Your certificate has a feature not handled by certlint.
I: Information. These are purely informational; no action is needed.
N: Notice. These are items known to cause issues with one or more implementations of certificate processing but are not errors according to the standard.
W: Warning. These are issues where a standard recommends differently but the standard uses terms such as "SHOULD" or "MAY".
E: Error. These are issues where the certificate is not compliant with the standard.
F: Fatal Error. These errors are fatal to the checks and prevent most further checks from being executed. These are extremely bad errors.