How to extract certs from apache ca-bundle.crt file?

# 1  
Old 01-16-2014
How to extract certs from apache ca-bundle.crt file?

Apache web server reads Certificate Authority (CA) certs from ../cert/ca-bundle.crt file for SSL authentication. It has all certs in PEM format and no way to know exactly what they are. I want to get each cert separated by boundary strings into a file and feed it to "keytool" command to see what each cert is.

Code:
# some comments
some more text
# some empty lines or empty lines with spaces
 
 
-----BEGIN CERTIFICATE-----
MIIDTTCCAra
UzEkMCIGA1
FR1N
-----END CERTIFICATE-----
some text
-----BEGIN CERTIFICATE-----
FAsfTTCCAra
-----END CERTIFICATE-----
lot of text here
-----BEGIN CERTIFICATE-----
AFfsfser
AafdsFaf
-----END CERTIFICATE-----

I have around 60 of those blocks with different number of lines between each boundary. I want to read each cert block and pass it to keytool command, then print it to a different file to know what they are.

Code:
cat ca-bundle.crt | awk [
for each certblock begin with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----"; do
 
echo "\n ---------------------------" >>allcerts.log
keytool -v -printcert -file $certblock >>allcerts.log
echo "\n ---------------------------" >>allcerts.log
 
done;
]

Can someone help with awk/nawk logic? I am using Solaris 8, ksh 88i version.
Or some other simple split/looping to get each block so that I can feed it to keytool?

Last edited by kchinnam; 01-16-2014 at 05:35 PM.. Reason: version info
# 2  
Old 01-16-2014
Here is an approach in bash:
Code:
#!/bin/bash

flag=0

while read line
do
        if [[ "$line" =~ ^[-]*BEGIN ]]
        then
                flag=1
                continue
        fi

        [[ "$line" =~ ^[-]*END ]] && flag=0

        [ $flag -eq 1 ] && keytool -v -printcert -file "$line"

done < ca-bundle.crt

# 3  
Old 01-16-2014
Yoda, are you sure that code will work? I thought the -file option of keytool required a filesystem file, and I believe ca-bundle.crt will contain encoded keyblocks, e.g.:

Code:
-----BEGIN CERTIFICATE-----
gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8
YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf
b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9
9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S
zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
-----END CERTIFICATE-----

This User Gave Thanks to Chubler_XL For This Post:
# 4  
Old 01-16-2014
It won't work. Please disregard my code.
# 5  
Old 01-16-2014
This might do the job:

Code:
awk '
v{v=v"\n"$0}
/----BEGIN/ {v=$0}
/----END/&&v{
  print v > "tmp.crt"
  close("tmp.crt")
  system("keytool -v -printcert -file tmp.crt >> allcerts.log")
  print "\n--------------------------" >> "allcerts.log"
  close("allcerts.log")
  v=x}' ca-bundle.crt

This User Gave Thanks to Chubler_XL For This Post:
# 6  
Old 01-17-2014
With awk I am getting a syntax error at line 2. So I tried it with "/usr/xpg4/bin/awk"; that is creating tmp.crt with only
Code:
-----BEGIN CERTIFICATE-----

Then I tried it with nawk, it worked like a charm.
Since there are some certs in a commented state I have added additional condition to filter all commented lines.
Code:
nawk '
v{v=v"\n"$0}
!/^#/ && /----BEGIN/ {v=$0}
/----END/&&v{
  print v > "tmp.crt"
  close("tmp.crt")
  system("keytool -v -printcert -file tmp.crt >> allcerts.log")
  print "\n--------------------------" >> "allcerts.log"
  close("allcerts.log")
  v=x}' ca-bundle.crt

If I remove the v at the start of the second line, the output shows commented certs; with the v at the start of the second line, the output does not show commented lines.
What is that first "v" doing at the second line?
I can pre-filter comments from ca-bundle.crt, but I am curious to know the reason behind the behaviour I am noticing with nawk.

Last edited by kchinnam; 01-18-2014 at 12:19 AM.. Reason: updated current status
# 7  
Old 01-20-2014
The line v{v=v"\n"$0} translates to: if v has a value assigned, then append the current line to v.

This causes the script to ignore all lines until a "-----BEGIN" line is seen, at which point v is set to "-----BEGIN CERTIFICATE-----" and will be appended with each line from the input until "-----END" is seen.
This User Gave Thanks to Chubler_XL For This Post:
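As an added example (not code from this thread), here is a POSIX sh script that applies the same accumulate-until-END logic discussed above, with the comment filter from post #6: it writes one file per uncommented cert block, returns the block count, and then hands each file to keytool (or openssl when keytool is absent) so you can inventory what the server trusts. The sample bundle with its placeholder cert bodies is constructed, and the function names are choices made for this example.

```shell
#!/bin/sh
# Constructed sample bundle: two live certs, one commented-out cert and
# free text between blocks. Cert bodies are placeholders, not real DER.
make_sample_bundle() {
  cat > "$1" <<'EOF'
# Root CA bundle (constructed sample)
some descriptive text
-----BEGIN CERTIFICATE-----
AAAA
BBBB
-----END CERTIFICATE-----
# retired CA, kept for reference
#-----BEGIN CERTIFICATE-----
#CCCC
#-----END CERTIFICATE-----
more text
-----BEGIN CERTIFICATE-----
DDDD
-----END CERTIFICATE-----
EOF
}

# Split bundle $1 into $2/cert-N.pem, one file per uncommented PEM block.
# Prints the number of blocks written (0 when none were found).
split_bundle() {
  awk -v dir="$2" '
    v { v = v "\n" $0 }                                   # inside a block: accumulate
    !/^#/ && /-----BEGIN CERTIFICATE-----/ { v = $0 }     # start block, skip commented ones
    /-----END CERTIFICATE-----/ && v {                    # END line already appended above
      n++
      f = dir "/cert-" n ".pem"
      print v > f
      close(f)
      v = ""
    }
    END { print n + 0 }
  ' "$1"
}

# Describe every split cert: keytool as in the thread, openssl as fallback.
describe_certs() {
  for f in "$1"/cert-*.pem; do
    echo "----- $f -----"
    if command -v keytool >/dev/null 2>&1; then
      keytool -v -printcert -file "$f"
    else
      openssl x509 -in "$f" -noout -subject -issuer -dates
    fi
  done
}
```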