Check a TLS endpoint that has mutual authentication enabled
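#!/bin/bash
#
# check_endpoints.sh - probe the /info endpoint of every deployed Liberty
# application over HTTPS using a client certificate (mutual TLS), and append
# the result to that application's log directory.
#
# Requires: cert.pem and key.pem (the client identity) next to this script.
#           key.pem is a private key; keep it readable by its owner only.
# Globals:  log_owner, log_group - ownership applied to each log file.
# Outputs:  ${applicationLogDir}/check_endpoints.log per application.
set -u -o pipefail

script_path=$(dirname -- "$0")
readonly script_path
readonly log_owner=jxadmin
readonly log_group=wasadmin

#######################################
# Print the httpsPort attribute from a Liberty overrides XML file.
# Arguments: $1 - path to standard_overrides.xml
# Outputs:   the first httpsPort value on stdout, empty if none
#######################################
https_port_from_overrides() {
  local file=$1
  # Match the https attribute directly instead of grepping for httpPort and
  # splitting on httpsPort=", which only worked when both sat on one line.
  sed -n 's/.*httpsPort="\([^"]*\)".*/\1/p' -- "$file" | head -n 1
}

#######################################
# Print the value of a key from a Java .properties file.
# Arguments: $1 - properties file
#            $2 - key (matched as a fixed substring, like the original grep)
# Outputs:   text after the first '=' of the first non-comment match
#######################################
prop_value() {
  local file=$1 key=$2
  # Comment lines are skipped for every key, not only applicationLogDir, so a
  # commented-out "#context-root=..." can no longer shadow the live value.
  grep -v '^[[:space:]]*#' -- "$file" | grep -F -- "$key" | head -n 1 | cut -d = -f 2-
}

#######################################
# Probe one application and append the result to its log file.
# Arguments: $1 - WAR basename (e.g. myapp.war)
#            $2 - host name to request against
# Outputs:   log entry appended to ${applicationLogDir}/check_endpoints.log
# Returns:   1 when the app or its log directory cannot be resolved
#######################################
check_app() {
  local app=$1 host=$2
  local path basepath bootstrap_props standard_overrides
  local https_port context_root log_dir log_file timestamp url

  # The glob is deliberately unquoted so it expands to every Liberty install;
  # only the first match is used (the original would have produced a
  # multi-line path if the WAR existed in several servers).
  path=$(find /usr/websphere/liberty/*/*/wlp/usr/servers/myproject*/apps/expanded \
           -name "$app" | head -n 1)
  if [[ -z "$path" ]]; then
    printf 'warn: %s: expanded WAR not found, skipping\n' "$app" >&2
    return 1
  fi
  basepath=$(dirname -- "$path")
  bootstrap_props=${basepath}/../../bootstrap.properties
  standard_overrides=${basepath}/../../configDropins/overrides/standard_overrides.xml

  https_port=$(https_port_from_overrides "$standard_overrides")
  context_root=$(prop_value "$bootstrap_props" context-root)
  log_dir=$(prop_value "$bootstrap_props" applicationLogDir)
  if [[ -z "$log_dir" ]]; then
    # Without this guard the log would be created as /check_endpoints.log.
    printf 'warn: %s: applicationLogDir not set in %s, skipping\n' \
      "$app" "$bootstrap_props" >&2
    return 1
  fi
  log_file=${log_dir}/check_endpoints.log

  touch -- "$log_file"
  chown -- "${log_owner}:${log_group}" "$log_file"
  timestamp=$(date +%d/%h/%y_%H:%M:%S)
  url="https://${host}:${https_port}${context_root}/info"
  {
    printf '%s\nAPP: %s\nPORT: %s\nCONTEXT ROOT: %s\n' \
      "$timestamp" "$app" "$https_port" "$context_root"
    printf 'Requesting %s\n' "$url"
    # -k disables server certificate verification: this probe proves the
    # client certificate is accepted, not that the server identity is right.
    # Switch to --cacert <CA bundle> once the issuing CA is available here.
    # -sS replaces the original -q (which only disables ~/.curlrc): no
    # progress meter in the log, errors still reported.
    curl -sS -k --cert "${script_path}/cert.pem" --key "${script_path}/key.pem" "$url"
    printf '\n\n'
  } >> "$log_file" 2>&1
}

#######################################
# Entry point: enumerate expanded WARs and probe each one.
# Globals:   log_owner, log_group (read by check_app)
# Returns:   0 when nothing is found; otherwise the status of the last probe
#######################################
main() {
  local this_host app
  local -a apps=()
  this_host=$(hostname -f)
  # Every expanded WAR, by basename; sample applications are skipped.
  mapfile -t apps < <(find /usr/websphere/liberty/*/*/wlp/usr/servers/myproject*/apps/expanded \
                        -name '*.war' | grep -v sample | awk -F/ '{print $NF}')
  if (( ${#apps[@]} == 0 )); then
    printf 'warn: no applications found under the Liberty expanded apps directories\n' >&2
    return 0
  fi
  for app in "${apps[@]}"; do
    check_app "$app" "$this_host"
  done
}

main "$@"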
To extract the certificate and key from the plugin key database (`plugin-key.kdb`) into a PKCS#12 file:
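# Export the certificate stored under label "default" from the plugin key
# database (plugin-key.kdb; -stashed takes the database password from its
# stash file) into a PKCS#12 file. The PKCS#12 carries the private key, so
# create it owner-only: /tmp is shared and files there are world-readable
# under the default umask.
umask 077
# NOTE(review): -target_pw places the PKCS#12 password on the command line,
# where it is visible in `ps` output and shell history; replace the literal
# before use and prefer an interactive prompt if ikeycmd offers one.
/usr/websphere/his/java/8.0/jre/bin/ikeycmd \
  -DADD_CMS_SERVICE_PROVIDER_ENABLED=true \
  -cert -export -label default \
  -db plugin-key.kdb -stashed \
  -target /tmp/key.pkcs12 -target_pw password -target_type pkcs12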
To convert the PKCS#12 file to PEM format using openssl:
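# Convert the PKCS#12 export to PEM. -clcerts writes only the client
# certificate (CA certificates are omitted); -nodes leaves the private key
# unencrypted in all.pem, so the output file is created owner-only.
umask 077
openssl pkcs12 -in key.pkcs12 -clcerts -nodes -out all.pem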