From 1550f5eeddeb941f9af97e3d2ab6de9e93910473 Mon Sep 17 00:00:00 2001
From: Eric Heydrick <eheydrick@gmail.com>
Date: Mon, 25 Sep 2017 23:23:13 -0700
Subject: [PATCH] Export cert in PEM format to fix tests that broke in Trusty
 travis workers

---
 CHANGELOG.md                    | 3 +++
 bin/check-java-keystore-cert.rb | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9c48952..d9fa533 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,9 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
 - `check-ssl-hsts-preload.rb`: Added check for testing preload status of HSTS
 - `check-ssl-hsts-preloadable.rb`: Added check for testing if a domain can be HSTS preloaded
 
+### Fixed
+- `check-java-keystore-cert.rb`: Export cert in PEM format to fix tests that broke going from Precise to Trusty travis workers (@eheydrick)
+
 ## [1.4.0] - 2017-06-20
 ### Added
 - `check-ssl-anchor.rb`: Add check for a specific root certificate signature. (@pgporada)
diff --git a/bin/check-java-keystore-cert.rb b/bin/check-java-keystore-cert.rb
index cd3e07a..45000f0 100755
--- a/bin/check-java-keystore-cert.rb
+++ b/bin/check-java-keystore-cert.rb
@@ -56,8 +56,8 @@ class CheckJavaKeystoreCert < Sensu::Plugin::Check::CLI
   def certificate_expiration_date
     result = `keytool -keystore #{Shellwords.escape(config[:path])} \
                       -export -alias #{Shellwords.escape(config[:alias])} \
-                      -storepass #{Shellwords.escape(config[:password])} 2>&1 | \
-              openssl x509 -enddate -inform der -noout 2>&1`
+                      -storepass #{Shellwords.escape(config[:password])} -rfc 2>&1 | \
+              openssl x509 -enddate -noout 2>&1`
 
     # rubocop:disable Style/SpecialGlobalVars
     unknown 'could not get certificate from keystore' unless $?.success?