User Tools

Site Tools


howtos:extract_intermediate_and_root_ca_s_from_server
openssl s_client -connect dr.dk:443 -showcerts 2>&1 < /dev/null | awk '/-----BEGIN/{flag=1}/-----END/{print;print "hest";flag=0}flag'|awk '/hest/{y=1;next}y'

Connect to server (dr.dk in this case) and match the begin/end tags of the certificates and print them. After each end tag we print the word “hest”. As the first certificate is the server's, we want to print all the remaining certificates. This is done with the second awk command, where we match for the “hest” word, set y to 1 (which implicit means “true”) and jump forward (the next command). After the that we start printing everything, y is now always true meaning print - like this:

y != 0 { print }

It stops printing when it hits the next “hest” word and then continues printing afterwords again. This goes on until there are no more certificates.

And here is a version done with “sed”:

openssl s_client -connect tv2.dk:443 -showcerts </dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/p'
howtos/extract_intermediate_and_root_ca_s_from_server.txt · Last modified: d/m/Y H:i (external edit)