Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
One-line Bash script to fetch the issuer CA certificate of an x509-specified certificate via id-ad-caIssuers of x509.v3 Authority Information Access extension.
#!/bin/bash
# Maintainer: Gowe Wang<i@gowe.wang>
# Reference: https://tools.ietf.org/html/rfc5280#section-4.2.2.1
# Notice: Just available in most cases.
curl -s $(openssl x509 -in $1 -noout -text | grep -Po "((?<=CA Issuers - URI:)http://.*)$") | openssl x509 -inform DER -outform PEM
@Gowee
Copy link
Author

Gowee commented Nov 7, 2016

Usage:
get-cert-issuer.sh /path/to/your/cert/in/PEM
Known issues:
Does not work in some cases where id-ad-caIssuers or even AIA is not available or id-ad-caIssuers is not distributed via HTTP or in DER format.(Won't fix.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment