hannob/badocspcert

badocspcert

Check for certs affected by July 2020 OCSP intermediate incident

background

A number of certificate authorities have issued intermediate certificates that can be abused to sign OCSP responses. The technical details are explained here:

This script checks whether web hosts send an intermediate certificate that is among the affected certificates. If your web host is affected, you should ask your CA to replace the certificate.

The script is self-contained and contains a list of hashes of the affected certificates. (To keep this simple, a dirty trick is used: the hashes are added as a comment and the script greps itself for them.)

limitations

This script checks all certificates sent by an HTTPS host. It does not consider a few edge cases. Web hosts can be configured not to send intermediates; in most cases this still works, because browsers cache intermediates and some implement so-called AIA fetching. Such hosts would not be detected.

Also, theoretically there could be complex certificate chains that contain one of the affected certificates but can still be validated through another certificate path.
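The following is an added example, not the badocspcert script itself, showing the check the README describes: the SHA-256 fingerprint of every certificate in a chain is computed over its DER encoding and compared against a list that the script carries in its own comment lines and greps out of its own source. The `AFFECTED:` comment format, the placeholder fingerprint value, the `fetch_chain` helper (which shells out to the `openssl` CLI and is assumed to be installed) and the sample chain bytes are all assumptions made for this example; the real incident fingerprints have to come from the upstream script. As the limitations section notes, a host that omits its intermediates yields no hit here even if the CA's intermediate is affected, because only what the host actually sends is inspected.

```python
"""Added example (not the badocspcert project's code): flag intermediates whose
SHA-256 fingerprint is on a list embedded in this script's own comments."""
import base64
import hashlib
import re
import subprocess
import sys
import textwrap
from pathlib import Path

# The affected-certificate fingerprints live here as comment lines that the
# script greps out of its own source (the README's "dirty trick"). The value
# below is a CONSTRUCTED placeholder; replace it with the real list.
# AFFECTED: 0000000000000000000000000000000000000000000000000000000000000000  (placeholder)

MARKER = re.compile(r"^#\s*AFFECTED:\s*([0-9a-fA-F]{64})", re.MULTILINE)
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL)

# CONSTRUCTED sample chain: arbitrary bytes standing in for DER certificates
# (leaf, intermediate, root). Fingerprinting only needs the raw bytes.
SAMPLE_DER = [b"constructed-leaf-cert", b"constructed-intermediate-cert",
              b"constructed-root-cert"]


def affected_hashes(source_text=None):
    """Return the fingerprints listed in AFFECTED comment lines, lowercased.
    With no argument the script reads its own file, i.e. greps itself."""
    if source_text is None:
        source_text = Path(__file__).read_text(encoding="utf-8")
    return {h.lower() for h in MARKER.findall(source_text)}


def fingerprint(der_bytes):
    """SHA-256 fingerprint of a certificate, computed over its DER encoding."""
    return hashlib.sha256(der_bytes).hexdigest()


def pem_to_der_list(pem_text):
    """Decode every CERTIFICATE block in a PEM bundle into DER bytes."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_BLOCK.findall(pem_text)]


def der_list_to_pem(der_list):
    """Wrap DER blobs as a PEM bundle (used to build the constructed sample)."""
    blocks = []
    for der in der_list:
        body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
        blocks.append("-----BEGIN CERTIFICATE-----\n" + body +
                      "\n-----END CERTIFICATE-----\n")
    return "".join(blocks)


def check_chain(pem_text, bad=None):
    """Return (position, fingerprint) for each certificate in the chain that is
    on the affected list; an empty list means the host is not affected.
    Position 0 is normally the leaf, intermediates follow it."""
    if bad is None:
        bad = affected_hashes()
    hits = []
    for pos, der in enumerate(pem_to_der_list(pem_text)):
        fp = fingerprint(der)
        if fp in bad:
            hits.append((pos, fp))
    return hits


def fetch_chain(host, port=443):
    """Chain as sent by the host, via the openssl CLI (assumed installed).
    Hosts that rely on browser caching or AIA fetching send no intermediate and
    therefore cannot be judged from this output."""
    proc = subprocess.run(
        ["openssl", "s_client", "-connect", f"{host}:{port}",
         "-servername", host, "-showcerts"],
        input=b"", capture_output=True, timeout=30, check=False)
    return proc.stdout.decode("utf-8", "replace")


if __name__ == "__main__":
    for target in sys.argv[1:]:
        found = check_chain(fetch_chain(target))
        status = "AFFECTED" if found else "ok"
        print(f"{target}: {status} {found if found else ''}")
```

Run it as `python badocspcert_example.py example.com` to inspect live hosts; `check_chain` can also be fed a saved PEM bundle, which is how the constructed sample is exercised. Chains are usually sent leaf-first, so a hit at position 1 or later is the intermediate the CA needs to replace.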

who

This script was written by Hanno Böck, https://hboeck.de/
