2026-03-12 20:23:15
This commit is contained in:
root
14
vdh/get_root_ca.sh
Normal file
14
vdh/get_root_ca.sh
Normal file
@@ -0,0 +1,14 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
### check which root CA was used to sign the certificate of a given https website
|
||||
### get that root certificate from the Mozilla certificate bundle on the server
|
||||
### and store it in the current working directory
|
||||
###
|
||||
### this certificate can then be imported into an oracle wallet or used for other purposes
|
||||
|
||||
chain=$(openssl s_client -connect ${1}:443 <<< . 2>&1|awk '/^Certificate chain$/,/---/')
|
||||
echo "${chain}"
|
||||
root_ca=$(echo "${chain}" | tail -2 | head -1 | awk -F '=' '{print $(NF)}')
|
||||
echo "root CA: " ${root_ca}
|
||||
awk "/^# ${root_ca}$/,/END TRUSTED CERTIFICATE/" /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt | head -n -1 | tail -n +3 | awk 'BEGIN {print "-----BEGIN CERTIFICATE-----"} {print $0} END{print "-----END CERTIFICATE-----"}' | tee $(echo "${root_ca}" | tr ' ' '_').crt
|
||||
|
||||
Reference in New Issue
Block a user