Skip to content

Instantly share code, notes, and snippets.

Created November 7, 2016 14:24
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
One-line Bash script to fetch the issuer CA certificate of an x509-specified certificate via id-ad-caIssuers of x509.v3 Authority Information Access extension.
# Maintainer: Gowe Wang<>
# Reference:
# Notice: Just available in most cases.
curl -s $(openssl x509 -in $1 -noout -text | grep -Po "((?<=CA Issuers - URI:)http://.*)$") | openssl x509 -inform DER -outform PEM
Copy link

Gowee commented Nov 7, 2016

Usage: /path/to/your/cert/in/PEM
Known issues:
Does not work in some cases where id-ad-caIssuers or even AIA is not available or id-ad-caIssuers is not distributed via HTTP or in DER format.(Won't fix.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment