Created
May 14, 2014 14:29
-
-
Save liftoff/edeb6e2875ccf720ceff to your computer and use it in GitHub Desktop.
Split up and/or remove duplicate certificates from a PEM-formatted CA bundle (e.g. ca-bundle.crt)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Split up and remove duplicate CA certificates from a bundle (e.g. | |
| ca-bundle.crt). | |
| .. note:: | |
| This script will preserve comments and certificate metadata at | |
| the expense of possibly missing duplicates (that don't have the | |
| same leading comments/metadata). It does *not* preserve ordering. | |
| """ | |
| ca_bundle_path = "/etc/ssl/certs/ca-bundle.crt" | |
| new_ca_bundle_path = "/etc/ssl/certs/ca-bundle.crt.new" | |
| cert = "" | |
| ca_certs = set() # Using a set to prevent (exact) duplicates | |
| for line in open(ca_bundle_path, 'rb'): | |
| cert += line | |
| if '-----END CERTIFICATE-----' in line: | |
| ca_certs.add(cert) | |
| cert = "" | |
| # Now we've got all our certificates in the ca_certs variable | |
| # with duplicates removed. Write them out to the new file: | |
| with open(new_ca_bundle_path, 'wb') as ca_bundle: | |
| ca_bundle.write(''.join(ca_certs)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Very useful and handy Script.
Thank you @liftoff 👍 💯
Quick note: I had to open the file in 'r' mode instead of 'rb' to do the concatenations of lines(str type) using python v3+