Re: How to dump all certificates from a file?

2021-04-07 Thread David von Oheimb
I also had this problem several years back but did not find the nifty
though counter-intuitive workaround using crl2pkcs7 given below.

Since then I've been using a Perl script like this:

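> #!/usr/bin/perl
> # Read the input one certificate at a time: the record separator is the PEM end line.
> $/ = '-----END CERTIFICATE-----';
> while (<>) {
>     if (m|$/|s) {   # skip the trailing text after the last certificate
>         print STDERR "## $ARGV ##\n";
>         system "echo '$_' | openssl x509 -noout -text";
>     }
> }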

which unfortunately does not work with "TRUSTED CERTIFICATE".

I think the x509 command should be extended to print all certs.

David

On 7 April 2021 04:58:38 CEST, Nan Xiao wrote:
> Hi Viktor,
> 
> > By "a file" you clearly mean a "PEM file" with one or more certificates
> > enclosed in "-BEGIN ...".."-END ..." delimiters.
> 
> Yes, this is what I mean.
> 
> > openssl crl2pkcs7 -nocrl -certfile somefile.pem |
> > openssl pkcs7 -print_certs -text
> 
> Works like a charm! Thanks very much for your time and quick response!
> 
> Best Regards
> Nan Xiao
> 
> On Wed, Apr 7, 2021 at 10:46 AM Viktor Dukhovni wrote:
> >
> > On Wed, Apr 07, 2021 at 10:14:42AM +0800, Nan Xiao wrote:
> >
> > > Greetings from me! By default openssl-x509 can only dump one
> > > certificate from the file:
> >
> > By "a file" you clearly mean a "PEM file" with one or more certificates
> > enclosed in "-BEGIN ...".."-END ..." delimiters.  With that
> > proviso, the command in question is:
> >
> > openssl crl2pkcs7 -nocrl -certfile somefile.pem |
> > openssl pkcs7 -print_certs -text
> >
> > The output format can be tweaked slightly, though not quite as much as
> > will "openssl x509".  See the pkcs7(1) manpage for details.
> >
> > --
> > Viktor.
> 
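
An added example, not part of any message in this thread: a shell function that feeds each certificate block of a PEM bundle to `openssl x509` separately, so every certificate gets the full x509 output options, and that also matches `TRUSTED CERTIFICATE` blocks. The names `pem_each` and `pem_count` are hypothetical; it assumes a POSIX awk and a trusted command string, since awk hands that string to the shell.

```shell
#!/bin/sh
# Added example (not from the thread). pem_each and pem_count are
# hypothetical helper names.
#
# pem_each FILE [CMD]
#   Run CMD once per certificate block in FILE, with that block on stdin.
#   CMD defaults to a full text dump via openssl x509.
#   Lines outside certificate markers (comments, keys, CRLs) are ignored.
#   CMD is executed by the shell through awk, so pass only trusted strings.
pem_each() {
    file=$1
    cmd=${2:-openssl x509 -noout -text}
    awk -v cmd="$cmd" '
        # Match plain, trusted and legacy X509 certificate labels.
        /^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----/ { inblk = 1 }
        inblk { print | cmd }
        /^-----END (TRUSTED |X509 )?CERTIFICATE-----/ {
            if (inblk) close(cmd)   # end of block: CMD runs on it now
            inblk = 0
        }
    ' "$file"
}

# pem_count FILE
#   Number of certificate blocks in FILE, without invoking openssl.
pem_count() {
    pem_each "$1" 'grep -c BEGIN' | wc -l | tr -d ' '
}

# Usage:
#   pem_each /etc/ssl/cacert.pem
#   pem_each /etc/ssl/cacert.pem 'openssl x509 -noout -subject -enddate'
```

Unlike the `echo '$_'` pipeline, the block text never passes through shell quoting; only the fixed command string does.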


Re: How to dump all certificates from a file?

2021-04-06 Thread Nan Xiao
Hi Viktor,

> By "a file" you clearly mean a "PEM file" with one or more certificates
> enclosed in "-BEGIN ...".."-END ..." delimiters.

Yes, this is what I mean.

> openssl crl2pkcs7 -nocrl -certfile somefile.pem |
> openssl pkcs7 -print_certs -text

Works like a charm! Thanks very much for your time and quick response!

Best Regards
Nan Xiao

On Wed, Apr 7, 2021 at 10:46 AM Viktor Dukhovni wrote:
>
> On Wed, Apr 07, 2021 at 10:14:42AM +0800, Nan Xiao wrote:
>
> > Greetings from me! By default openssl-x509 can only dump one
> > certificate from the file:
>
> By "a file" you clearly mean a "PEM file" with one or more certificates
> enclosed in "-BEGIN ...".."-END ..." delimiters.  With that
> proviso, the command in question is:
>
> openssl crl2pkcs7 -nocrl -certfile somefile.pem |
> openssl pkcs7 -print_certs -text
>
> The output format can be tweaked slightly, though not quite as much as
> will "openssl x509".  See the pkcs7(1) manpage for details.
>
> --
> Viktor.


Re: How to dump all certificates from a file?

2021-04-06 Thread Viktor Dukhovni
On Wed, Apr 07, 2021 at 10:14:42AM +0800, Nan Xiao wrote:

> Greetings from me! By default openssl-x509 can only dump one
> certificate from the file:

By "a file" you clearly mean a "PEM file" with one or more certificates
enclosed in "-BEGIN ...".."-END ..." delimiters.  With that
proviso, the command in question is:

openssl crl2pkcs7 -nocrl -certfile somefile.pem |
openssl pkcs7 -print_certs -text

The output format can be tweaked slightly, though not quite as much as
will "openssl x509".  See the pkcs7(1) manpage for details.

-- 
Viktor.


How to dump all certificates from a file?

2021-04-06 Thread Nan Xiao
Hi OpenSSL users,

Greetings from me! By default openssl-x509 can only dump one
certificate from the file:

# openssl x509 --in /etc/ssl/cacert.pem --text --noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
84:82:2c:5f:1c:62:d0:40
Signature Algorithm: sha256WithRSAEncryption
..

I checked the code
(https://github.com/openssl/openssl/blob/493e78986f9677c2b321273da51c276b9a8182d8/apps/lib/apps.c#L945):
it seems openssl-x509 only dumps the first valid one. I also went
through the manual
(https://www.openssl.org/docs/man1.1.1/man1/openssl-x509.html), and
can't find a method to dump all certificates.

Could anyone give some clues in dumping all certificates from a file?
Thanks very much in advance!

Best Regards
Nan Xiao