
@wpalmer
Created April 30, 2016 23:14
Split a combined SSL certificate file into component parts (key and individual certificates)
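#!/bin/bash
#
# Split a combined PEM file (private key plus one or more certificates) into
#   t/<site>.<notBefore>-<notAfter>.crt   every certificate, in input order
#   t/<site>.<notBefore>-<notAfter>.key   the private key
#
# Usage: <this script> combined.pem
#
# <site> is the CN of the last certificate whose CN contains a dot, with the
# dots replaced by dashes. Nothing is written unless every PEM block was
# recognised and every certificate is inside its validity window.
#
# NOTE(review): only the notBefore/notAfter dates are checked. Nothing here
# verifies signatures, the chain, or that the key belongs to the certificate.
#
# Requires GNU mktemp/date and the openssl command-line tool. The output
# directory t/ must already exist.

file="$1"
if [[ -z "$file" || ! -r "$file" ]]; then
  printf 'Usage: %s combined.pem\n' "${0##*/}" >&2
  exit 2
fi

# mktemp -d creates the directory with mode 0700, so the key copy kept in it
# is not readable by other local users.
TEMP="$(mktemp --tmpdir -d 'ssl.XXXXXXXXXX')"
[[ -n "$TEMP" && -d "$TEMP" && -w "$TEMP" ]] || exit 1
_cleanup() { rm -rf -- "${TEMP:?}"; }
trap _cleanup EXIT

cert="$TEMP/cert"   # buffer holding the PEM block currently being read
now="$(date --utc +'%Y%m%d%H%M%S')"
i=1                 # index of the next certificate file (cert.1, cert.2, ...)
site=
allvalid=1
dates=

# An END line is dashes, optional spaces, "END ", then the block type.
end_re='^-+ *END (.*)$'
type_re='^-+ *END ([^-]+)-+(.*)$'

# "|| [[ -n $line ]]" keeps a final line that lacks a trailing newline.
while read -r line || [[ -n "$line" ]]; do
  # Drop a trailing CR so CRLF input yields the same block types as LF input.
  line="${line%$'\r'}"
  [[ -z "$line" ]] && continue

  printf '%s\n' "$line" >> "$cert"
  [[ "$line" =~ $end_re ]] || continue

  # Block type is the text between "END " and the closing dashes; a line that
  # does not fit that shape is kept whole and lands in the unknown branch.
  if [[ "$line" =~ $type_re ]]; then
    type="${BASH_REMATCH[1]}${BASH_REMATCH[2]}"
  else
    type="$line"
  fi

  case "$type" in
    RSA\ PRIVATE\ KEY | EC\ PRIVATE\ KEY | PRIVATE\ KEY)
      cat "$cert" > "$TEMP/key"
      # Reset the buffer. Without this the key text stays in it, is copied
      # into the next cert.N file, and ends up inside the .crt output.
      : > "$cert"
      ;;
    CERTIFICATE\ REQUEST)
      allvalid=0
      : > "$cert"
      ;;
    CERTIFICATE)
      # Accept both subject layouts: "/C=US/CN=name" (older OpenSSL) and
      # "C = US, CN = name" (OpenSSL 1.1.0 and later). -n/p yields an empty CN
      # when the subject has none. The capture stops at "/" or ",", so the
      # value used in the output filename cannot contain a path separator.
      CN="$(openssl x509 -in "$cert" -subject -noout \
        | sed -n 's#^subject=.*CN *= *\([^/,]*\).*$#\1#p')"
      label="${CN//./-}"

      not_before="$(openssl x509 -in "$cert" -startdate -noout | sed 's#^[^=]*=##')"
      not_after="$(openssl x509 -in "$cert" -enddate -noout | sed 's#^[^=]*=##')"
      startdate=
      enddate=
      # GNU date turns an empty -d argument into today's midnight; only
      # convert a value openssl actually printed.
      [[ -n "$not_before" ]] \
        && startdate="$(date --utc -d "$not_before" +'%Y%m%d%H%M%S')"
      [[ -n "$not_after" ]] \
        && enddate="$(date --utc -d "$not_after" +'%Y%m%d%H%M%S')"

      valid=OK
      if [[ ! "$startdate" =~ ^[0-9]+$ || ! "$enddate" =~ ^[0-9]+$ ]]; then
        # Fail closed when the block could not be parsed as a certificate.
        valid=UNREADABLE
      else
        [[ $now -lt $startdate ]] && valid=PREMATURE
        [[ $now -gt $enddate ]] && valid=EXPIRED
      fi
      [[ "$valid" = "OK" ]] || allvalid=0

      # A CN containing a dot is taken to be the site's host name.
      if [[ -n "$CN" && "$CN" != "$label" ]]; then
        site="$label"
        dates="$startdate-$enddate"
      fi
      #printf '%s\n' "$file.$i $label / $CN $startdate - $enddate $valid" >&2
      #openssl x509 -in "$cert" -text -noout >&2
      cat "$cert" > "$TEMP/cert.$i"
      i=$((i + 1))
      : > "$cert"
      ;;
    *)
      printf 'Unknown Certificate Part (%s.%d) Type: %s\n' "$file" "$i" "$type" >&2
      allvalid=0
      : > "$cert"
      ;;
  esac
done < "$file"
rm -f -- "$TEMP/cert"

if [[ "$allvalid" = "1" && -n "$site" ]]; then
  out="t/$site.$dates"

  # Concatenate by index rather than by glob so cert.10 sorts after cert.9.
  : > "$out.crt" || exit 1
  for ((n = 1; n < i; n++)); do
    cat "$TEMP/cert.$n" >> "$out.crt" || exit 1
  done

  if [[ -s "$TEMP/key" ]]; then
    # Create (or tighten) the key file as owner-only before any key bytes are
    # written, so it is never readable under the caller's default umask.
    (umask 077 && : >> "$out.key") || exit 1
    chmod 600 -- "$out.key" || exit 1
    cat "$TEMP/key" > "$out.key" || exit 1
  else
    printf 'No private key found in %s; wrote certificates only\n' "$file" >&2
  fi
  echo "$site" >&2
fi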