woodrow · August 29, 2015 13:56
diff --git a/ca_certs.sh b/ca_certs.sh
 #!/bin/bash
 mkdir -p /tmp/ca_certs/ && rm -f /tmp/ca_certs/*
 cd /tmp/ca_certs/
 # dump root certs and split on cert boundary (assuming no more than 1000 root certs)
 security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain | csplit -s -k -f ca_cert -n 3 - '/-----BEGIN CERTIFICATE-----/' '{1000}' >/dev/null 2>&1
 # rename the certs based on their openssl subject_hash to ensure the certs are sortable
 ls /tmp/ca_certs/ | xargs -n 1 sh -c 'mv $0 $(openssl x509 -hash -noout -in $0)'
 # print the OS version in the first line
 system_profiler SPSoftwareDataType | grep -o 'System Version.*$' > /tmp/ca_certs.txt
 # dump the text of the certs in subject_hash-sorted order into certs.txt
 ls /tmp/ca_certs/ | xargs -n 1 openssl x509 -text -in >> /tmp/ca_certs.txt
	#!/bin/bash
	mkdir -p /tmp/ca_certs/ && rm -f /tmp/ca_certs/*
	cd /tmp/ca_certs/
	# dump root certs and split on cert boundary (assuming no more than 1000 root certs)
	security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain \| csplit -s -k -f ca_cert -n 3 - '/-----BEGIN CERTIFICATE-----/' '{1000}' >/dev/null 2>&1
	# rename the certs based on their openssl subject_hash to ensure the certs are sortable
	ls /tmp/ca_certs/ \| xargs -n 1 sh -c 'mv $0 $(openssl x509 -hash -noout -in $0)'
	# print the OS version in the first line
	system_profiler SPSoftwareDataType \| grep -o 'System Version.*$' > /tmp/ca_certs.txt
	# dump the text of the certs in subject_hash-sorted order into certs.txt
	ls /tmp/ca_certs/ \| xargs -n 1 openssl x509 -text -in >> /tmp/ca_certs.txt