From a7fe6467ba588d2135793b17f25fe529f5e656fa Mon Sep 17 00:00:00 2001
From: Gunnar Beutner <gunnar.beutner@icinga.com>
Date: Wed, 6 Sep 2017 13:15:56 +0200
Subject: [PATCH] Improve log messages for the 'pki save-cert' command

refs #5450
---
 lib/cli/pkisavecertcommand.cpp | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/lib/cli/pkisavecertcommand.cpp b/lib/cli/pkisavecertcommand.cpp
index f823f643e..0651feed4 100644
--- a/lib/cli/pkisavecertcommand.cpp
+++ b/lib/cli/pkisavecertcommand.cpp
@@ -21,6 +21,7 @@
 #include "remote/pkiutility.hpp"
 #include "base/logger.hpp"
 #include "base/tlsutility.hpp"
+#include "base/console.hpp"
 
 using namespace icinga;
 namespace po = boost::program_options;
@@ -77,13 +78,26 @@ int PKISaveCertCommand::Run(const boost::program_options::variables_map& vm, con
 		return 1;
 	}
 
-	boost::shared_ptr<X509> cert =
-	    PkiUtility::FetchCert(vm["host"].as<std::string>(), vm["port"].as<std::string>());
+	String host = vm["host"].as<std::string>();
+	String port = vm["port"].as<std::string>();
+
+	Log(LogInformation, "cli")
+	    << "Retrieving X.509 certificate for '" << host << ":" << port << "'.";
+
+	boost::shared_ptr<X509> cert = PkiUtility::FetchCert(host, port);
 
 	if (!cert) {
-		Log(LogCritical, "cli", "Failed to fetch certificate from host");
+		Log(LogCritical, "cli", "Failed to fetch certificate from host.");
 		return 1;
 	}
 
+	std::cout << PkiUtility::GetCertificateInformation(cert) << "\n";
+	std::cout << ConsoleColorTag(Console_ForegroundRed)
+	    << "***\n"
+	    << "*** You have to ensure that this certificate actually matches the parent\n"
+	    << "*** instance's certificate in order to avoid man-in-the-middle attacks.\n"
+	    << "***\n\n"
+	    << ConsoleColorTag(Console_Normal);
+
 	return PkiUtility::WriteCert(cert, vm["trustedcert"].as<std::string>());
 }