Re: How to dump all certificates from a file?
I also had this problem several years back but did not find the nifty though counter-intuitive workaround using cr2pkcs7 given below. Since then I've been using a Perl script like this: > #!/usr/bin/perl > $/ = '-END CERTIFICATE-'; > while(<>) { > if(m|$/|s) { > print STDERR "## $ARGV ##\n"; > system "echo '$_' | openssl x509 -noout -text"; > } > } which unfortunately does not work with "TRUSTED CERTIFICATE". I think the x509 command should be extended to print all certs. David On 7 April 2021 04:58:38 CEST, Nan Xiao wrote: > Hi Viktor, > > > By "a file" you clearly mean a "PEM file" with one or more certificates > exclosed in "-BEGIN ...".."-END ..." delimiters. > > Yes, this is what I mean. > > > openssl crl2pkcs7 -nocrl -certfile somefile.pem | > opessl pkcs7 -print_certs -text > > Works like a charm! Thanks very much for your time and quick response! > > Best Regards > Nan Xiao > > On Wed, Apr 7, 2021 at 10:46 AM Viktor Dukhovni > wrote: > > > > On Wed, Apr 07, 2021 at 10:14:42AM +0800, Nan Xiao wrote: > > > > > Greetings from me! By default openssl-x509 can only dump one > > > certificate from the file: > > > > By "a file" you clearly mean a "PEM file" with one or more certificates > > exclosed in "-BEGIN ...".."-END ..." delimiters. With that > > proviso, the command in question is: > > > > openssl crl2pkcs7 -nocrl -certfile somefile.pem | > > opessl pkcs7 -print_certs -text > > > > The output format can be tweaked slightly, though not quite as much as > > will "openssl x509". See the pkcs7(1) manpage for details. > > > > -- > > Viktor. >
Re: How to dump all certificates from a file?
Hi Viktor, > By "a file" you clearly mean a "PEM file" with one or more certificates exclosed in "-BEGIN ...".."-END ..." delimiters. Yes, this is what I mean. > openssl crl2pkcs7 -nocrl -certfile somefile.pem | opessl pkcs7 -print_certs -text Works like a charm! Thanks very much for your time and quick response! Best Regards Nan Xiao On Wed, Apr 7, 2021 at 10:46 AM Viktor Dukhovni wrote: > > On Wed, Apr 07, 2021 at 10:14:42AM +0800, Nan Xiao wrote: > > > Greetings from me! By default openssl-x509 can only dump one > > certificate from the file: > > By "a file" you clearly mean a "PEM file" with one or more certificates > exclosed in "-BEGIN ...".."-END ..." delimiters. With that > proviso, the command in question is: > > openssl crl2pkcs7 -nocrl -certfile somefile.pem | > opessl pkcs7 -print_certs -text > > The output format can be tweaked slightly, though not quite as much as > will "openssl x509". See the pkcs7(1) manpage for details. > > -- > Viktor.
Re: How to dump all certificates from a file?
On Wed, Apr 07, 2021 at 10:14:42AM +0800, Nan Xiao wrote: > Greetings from me! By default openssl-x509 can only dump one > certificate from the file: By "a file" you clearly mean a "PEM file" with one or more certificates exclosed in "-BEGIN ...".."-END ..." delimiters. With that proviso, the command in question is: openssl crl2pkcs7 -nocrl -certfile somefile.pem | opessl pkcs7 -print_certs -text The output format can be tweaked slightly, though not quite as much as will "openssl x509". See the pkcs7(1) manpage for details. -- Viktor.
How to dump all certificates from a file?
Hi OpenSSL users, Greetings from me! By default openssl-x509 can only dump one certificate from the file: # openssl x509 --in /etc/ssl/cacert.pem --text --noout Certificate: Data: Version: 3 (0x2) Serial Number: 84:82:2c:5f:1c:62:d0:40 Signature Algorithm: sha256WithRSAEncryption .. I checked the code (https://github.com/openssl/openssl/blob/493e78986f9677c2b321273da51c276b9a8182d8/apps/lib/apps.c#L945): it seems openssl-x509 only dumps the first valid one. I also went through the manual (https://www.openssl.org/docs/man1.1.1/man1/openssl-x509.html), and can't find a method to dump all certificates. Could anyone give some clues in dumping all certificates from a file? Thanks very much in advance! Best Regards Nan Xiao