Created
July 11, 2016 10:43
-
-
Save friek/00217da40bc83d53113115d6b84708b0 to your computer and use it in GitHub Desktop.
Output the certificate chain of a given certificate, optionally including the private key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| cert="$1" | |
| key="$2" | |
| if [ -z "$cert" -o ! -e "$cert" ]; then | |
| echo "Usage: $0 <cert.pem> [cert.key]" | |
| exit 1 | |
| fi | |
| # Temporary file. | |
| tmpfile="/tmp/`date +%s`.$$" | |
| cleanup() | |
| { | |
| rm -f "$tmpfile" | |
| } | |
| trap cleanup EXIT | |
| touch $tmpfile | |
| # Do the magic | |
| dump_issuer_cert() | |
| { | |
| in="$1" | |
| issuer_hash=`openssl x509 -noout -text -in "$in" -issuer_hash | tail -1` | |
| if grep -q $issuer_hash "$tmpfile"; then | |
| echo "Certificate $in with issuer hash $issuer_hash already seen" > /dev/stderr | |
| return 1 | |
| fi | |
| base_path="/etc/ssl/certs/${issuer_hash}" | |
| if [ -e "${base_path}.0" ]; then | |
| fn="${base_path}.0" | |
| elif [ -e "${base_path}.1" ]; then | |
| fn="${base_path}.1" | |
| else | |
| echo "No certificates found with path ${base_path}*" | |
| return 1 | |
| fi | |
| cat "$fn" | |
| echo $issuer_hash >> $tmpfile | |
| dump_issuer_cert "$fn" | |
| return 0 | |
| } | |
| cat "$cert" | |
| dump_issuer_cert "$cert" | |
| if [ ! -z "$key" ]; then | |
| cat "$key" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment