Certificate chain extraction script
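#!/bin/bash
# Dump the certificate chain that a TLS server presents on port 443.
#
# Usage: <script> DOMAIN     (the host is read from $1, not from stdin)
#
# Files written to the current directory:
#   fullchain.pem     every certificate the server sent, in the order sent
#   server.crt        first certificate (the leaf)
#   intermediate.crt  second certificate, only when three or more were sent
#   root.crt          second certificate of a two-cert chain, else the third
#   cert-N.pem        any certificate past the third, left unrenamed
#
# NOTE(review): by default s_client completes the handshake even when chain
# verification fails, and stderr is discarded below, so everything written
# here is unauthenticated data from whoever answered on port 443. Validate
# it (for example with `openssl verify` against a trusted CA bundle) before
# pinning it or adding it to a trust store.
# NOTE(review): "root.crt" is only the last certificate the server chose to
# send. Servers commonly omit the self-signed root, so this file is often
# another intermediate; compare its subject and issuer before relying on it.
# NOTE(review): OpenSSL builds older than 1.1.1 do not send SNI unless
# -servername is given, and may return a default virtual host's chain.
# NOTE(review): output files left by an earlier run (e.g. intermediate.crt)
# are not removed when the new chain is shorter.
set -u

domain="${1:-}"
if [ -z "$domain" ]; then
  printf 'Usage: %s DOMAIN\n' "${0##*/}" >&2
  exit 2
fi

# Work in a private directory so stale cert-N.pem files from an earlier run
# in the current directory cannot be mistaken for part of this chain.
workdir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT

openssl s_client -connect "$domain:443" -showcerts </dev/null 2>/dev/null \
  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$workdir/fullchain.pem"

# A failed connection or handshake leaves an empty file; stop here instead
# of silently producing no output (and leave any existing files untouched).
if ! grep -q -- '-BEGIN CERTIFICATE-' "$workdir/fullchain.pem"; then
  printf 'no certificates received from %s:443\n' "$domain" >&2
  exit 1
fi

# Split the chain into individual certificates: cert-1.pem, cert-2.pem, ...
(
  cd "$workdir" || exit 1
  awk '/BEGIN CERTIFICATE/{n++} {print >("cert-" n ".pem")}' fullchain.pem
) || exit 1
count=$(grep -c -- '-BEGIN CERTIFICATE-' "$workdir/fullchain.pem")

mv -- "$workdir/fullchain.pem" fullchain.pem

# Rename the split files for clarity, handling 2 or 3 certificates
mv -- "$workdir/cert-1.pem" server.crt
if [ "$count" -eq 2 ]; then
  mv -- "$workdir/cert-2.pem" root.crt
elif [ "$count" -ge 3 ]; then
  mv -- "$workdir/cert-2.pem" intermediate.crt
  mv -- "$workdir/cert-3.pem" root.crt
fi

# Longer chains: keep the remaining certificates under their split names.
i=4
while [ "$i" -le "$count" ]; do
  mv -- "$workdir/cert-$i.pem" "cert-$i.pem"
  i=$((i + 1))
done
if [ "$count" -gt 3 ]; then
  printf 'note: %s sent %s certificates; extras kept as cert-N.pem\n' \
    "$domain" "$count" >&2
fi

# Chain lengths the author observed:
# 3 certs - google.com
# 2 certs - facebook.com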