bitdivine · August 29, 2015 14:25
diff --git a/Make a certificate chain file b/Make a certificate chain file
 # start with your certificate:
 cert=my.crt
 # we will copy the individual certificates to 001.crt, 002.crt and so on:
 counter=0

 # Now, for each certificate:
 link="$(printf "%03d.crt" $((++counter)))" # 001.cert, 002.crt, ...
 # Check that the certificate is in the human readable PEM format.
 # If not it needs to be converted.  Then copy into 001/2/3.crt
 if openssl x509 -in "$cert" -text -noout &>/dev/null
 then cp  "$cert" "$link"
 else openssl x509 -in "$cert" -inform DER -out "$link" -outform PEM
 fi
 # Make sure the certificate ends in a new line:
 echo >> "$link"
 # Get the next certificate up the chain:
 cert="$(openssl x509 -in $link -text -noout | sed -nr '/Authority Information Access:/,/^\s*$/p' | sed -nr '/CA Issuers/{s/.*URI://g;p}')"
 # Rinse and repeat until you have no more.

 # Concatenate the 001.crt 002.crt etc in that order:
 cat [0-9][0-9][0-9].crt > my.ca-bundle
	# start with your certificate:
	cert=my.crt
	# we will copy the individual certificates to 001.crt, 002.crt and so on:
	counter=0

	# Now, for each certificate:
	link="$(printf "%03d.crt" $((++counter)))" # 001.cert, 002.crt, ...
	# Check that the certificate is in the human readable PEM format.
	# If not it needs to be converted. Then copy into 001/2/3.crt
	if openssl x509 -in "$cert" -text -noout &>/dev/null
	then cp "$cert" "$link"
	else openssl x509 -in "$cert" -inform DER -out "$link" -outform PEM
	fi
	# Make sure the certificate ends in a new line:
	echo >> "$link"
	# Get the next certificate up the chain:
	cert="$(openssl x509 -in $link -text -noout \| sed -nr '/Authority Information Access:/,/^\s$/p' \| sed -nr '/CA Issuers/{s/.URI://g;p}')"
	# Rinse and repeat until you have no more.

	# Concatenate the 001.crt 002.crt etc in that order:
	cat [0-9][0-9][0-9].crt > my.ca-bundle