woodrow/ca_certs.sh

## ca_certs.sh
#!/bin/bash
mkdir -p /tmp/ca_certs/ && rm -f /tmp/ca_certs/*
cd /tmp/ca_certs/
# dump root certs and split on cert boundary (assuming no more than 1000 root certs)
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain | csplit -s -k -f ca_cert -n 3 - '/-----BEGIN CERTIFICATE-----/' '{1000}' >/dev/null 2>&1
# rename the certs based on their openssl subject_hash to ensure the certs are sortable
ls /tmp/ca_certs/ | xargs -n 1 sh -c 'mv $0 $(openssl x509 -hash -noout -in $0)'
# print the OS version in the first line
system_profiler SPSoftwareDataType | grep -o 'System Version.*$' > /tmp/ca_certs.txt
# dump the text of the certs in subject_hash-sorted order into certs.txt
ls /tmp/ca_certs/ | xargs -n 1 openssl x509 -text -in >> /tmp/ca_certs.txt
	#!/bin/bash
	mkdir -p /tmp/ca_certs/ && rm -f /tmp/ca_certs/*
	cd /tmp/ca_certs/
	# dump root certs and split on cert boundary (assuming no more than 1000 root certs)
	security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain \| csplit -s -k -f ca_cert -n 3 - '/-----BEGIN CERTIFICATE-----/' '{1000}' >/dev/null 2>&1
	# rename the certs based on their openssl subject_hash to ensure the certs are sortable
	ls /tmp/ca_certs/ \| xargs -n 1 sh -c 'mv $0 $(openssl x509 -hash -noout -in $0)'
	# print the OS version in the first line
	system_profiler SPSoftwareDataType \| grep -o 'System Version.*$' > /tmp/ca_certs.txt
	# dump the text of the certs in subject_hash-sorted order into certs.txt
	ls /tmp/ca_certs/ \| xargs -n 1 openssl x509 -text -in >> /tmp/ca_certs.txt