Skip to content

Instantly share code, notes, and snippets.

@woodrow woodrow/
Last active Aug 29, 2015

What would you like to do?
mkdir -p /tmp/ca_certs/ && rm -f /tmp/ca_certs/*
cd /tmp/ca_certs/
# dump root certs and split on cert boundary (assuming no more than 1000 root certs)
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain | csplit -s -k -f ca_cert -n 3 - '/-----BEGIN CERTIFICATE-----/' '{1000}' >/dev/null 2>&1
# rename the certs based on their openssl subject_hash to ensure the certs are sortable
ls /tmp/ca_certs/ | xargs -n 1 sh -c 'mv $0 $(openssl x509 -hash -noout -in $0)'
# print the OS version in the first line
system_profiler SPSoftwareDataType | grep -o 'System Version.*$' > /tmp/ca_certs.txt
# dump the text of the certs in subject_hash-sorted order into certs.txt
ls /tmp/ca_certs/ | xargs -n 1 openssl x509 -text -in >> /tmp/ca_certs.txt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.