User Tools

Site Tools

openssl s_client -connect -showcerts 2>&1 < /dev/null | awk '/-----BEGIN/{flag=1}/-----END/{print;print "hest";flag=0}flag'|awk '/hest/{y=1;next}y'

Connect to server ( in this case) and match the begin/end tags of the certificates and print them. After each end tag we print the word “hest”. As the first certificate is the server's, we want to print all the remaining certificates. This is done with the second awk command, where we match for the “hest” word, set y to 1 (which implicit means “true”) and jump forward (the next command). After the that we start printing everything, y is now always true meaning print - like this:

y != 0 { print }

It stops printing when it hits the next “hest” word and then continues printing afterwords again. This goes on until there are no more certificates.

And here is a version done with “sed”:

openssl s_client -connect -showcerts </dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/p'
howtos/extract_intermediate_and_root_ca_s_from_server.txt · Last modified: 02/12/2018 20:34 by