Skip to content

Instantly share code, notes, and snippets.

@kgaughan
Last active Aug 29, 2015
Embed
What would you like to do?
Given an SSL/TLS certificate, walk all its intermediates to construct a CA bundle. This is a bit of a hack, but at least it more-or-less works.
#!/bin/sh
#
# Given an SSL/TLS certificate, walk all its intermediates to construct a CA bundle.
#
if test "x$1" = "x"; then
echo Please provide a certificate. >&2
exit 2
fi
if test ! -e $1; then
echo Certificate $1 not found. >&2
exit 2
fi
fetch_intermediates () {
local cert
while read url; do
if test "${url##*.}" != "p7c"; then
cert=$(mktemp intermediate.XXXXXXXXXX)
curl --silent $url | openssl x509 -subject -issuer -outform PEM -inform DER | tee $cert
get_issuers $cert | fetch_intermediates
rm -f $cert
fi
done
}
get_issuers () {
openssl x509 -text -noout -in $1 | grep 'CA Issuers - URI:' | cut -f2- -d:
}
get_issuers $1 | fetch_intermediates
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment