Topic: openssl chain

sailor
Joined: 17 Apr 2015 Posts: 85 Location: US
Posted: Mon 19 Oct '20 21:22    Post subject: openssl chain

I'm trying to figure out how to get both the root AND intermediate cert from this DigiCert chain pem file. It came in through certbot / ACME.
 
 
-----BEGIN CERTIFICATE-----
…
…
-----END CERTIFICATE-----

mraddi
Joined: 27 Jun 2016 Posts: 152 Location: Schömberg, Baden-Württemberg, Germany
Posted: Tue 20 Oct '20 7:22    Post subject:

Hello,
 
the mentioned certificate only contains the intermediate-certificate. As the data only contains one -----BEGIN CERTIFICATE---- ..... -----END CERTIFICATE---- section it is only one certificate and not a complete chain.
 
Normal browsers do have the root-ca already installed so there is normally no need to have the root-ca within your webserver, too.
 
But if you need it (for whatever reason) here it is:
 
Code:
-----BEGIN CERTIFICATE-----
….
….
-----END CERTIFICATE-----
 
Easiest way (at least for me) to get the cert was to store your data as im.crt, open it within Windows, go to tab "certificate path", select the root-ca-certificate, click on "display certificate", click on tab "details", click on "save to file" and follow the path to store it in a file of your choice.

As I'm using a non-English version of Win10 the captions in English versions might be slightly different
 
 
Best regards
 
  Matthias

sailor
Joined: 17 Apr 2015 Posts: 85 Location: US
Posted: Tue 20 Oct '20 17:14    Post subject:

I was hoping there was an openssl command to get it. The keystore I'm putting it into does not have the root cert. I'm trying to keep humans out of the import process.
 

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7442 Location: EU, Germany, Next to Hamburg

sailor
Joined: 17 Apr 2015 Posts: 85 Location: US
Posted: Fri 28 Jan '22 20:43    Post subject: Re: openssl chain

I finally spent the time to do a vbscript:
 
 
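Code:
' Split a PEM file into cert1.pem, cert2.pem, ...: one output file per
' -----BEGIN ... -----END block. The input file is the first argument.
Option Explicit
Dim filesys, objArgs, srcfile, readfile, pemfile
Dim filenum, statsline, outfname, inBlock

Set objArgs = WScript.Arguments
srcfile = objArgs(0)

Set filesys = CreateObject("Scripting.FileSystemObject")
Set readfile = filesys.OpenTextFile(srcfile, 1, False)   ' 1 = ForReading

filenum = 0
inBlock = False

Do While readfile.AtEndOfStream = False
   statsline = readfile.ReadLine

   If InStr(1, statsline, "-----BEGIN") Then
      ' Start of a PEM block: open the next output file
      filenum = filenum + 1
      outfname = "cert" & CStr(filenum) & ".pem"
      Set pemfile = filesys.CreateTextFile(outfname)
      pemfile.Write statsline & vbCrLf
      inBlock = True
   ElseIf InStr(1, statsline, "-----END") Then
      ' End of the block: write the footer and close the file
      If inBlock Then
         pemfile.Write statsline & vbCrLf
         pemfile.Close
         inBlock = False
      End If
   ElseIf inBlock Then
      ' Body line; lines outside any block are ignored
      pemfile.Write statsline & vbCrLf
   End If
Loop

readfile.Close
' Close the last output file only if its END line was never seen
If inBlock Then pemfile.Close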
 
 
create pem file:

openssl.exe pkcs12 -in my.pfx -nodes -out - | awk '/-----BEGIN/{a=1}/-----END/{print;a=0}a'
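
Added example, not part of the original posts: a POSIX shell version of the split step that writes out only `CERTIFICATE` blocks, so the unencrypted private key that `pkcs12 -nodes` emits never lands in a `certN.pem` file, plus an `openssl x509` check that tells a self-issued root from the other certificates. The function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# split_pem_certs BUNDLE OUTDIR: write each CERTIFICATE block to
# OUTDIR/certN.pem and print the count. Other PEM blocks (such as the
# unencrypted PRIVATE KEY from `pkcs12 -nodes`) and stray text are skipped.
split_pem_certs() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        { sub(/\r$/, "") }    # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ { n++; out = dir "/cert" n ".pem"; inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----$/ && inside { close(out); inside = 0 }
        END { print n + 0 }
    ' "$1"
}

# cert_role FILE: print "root" when subject equals issuer (self-issued, as
# root CA certificates are), else "not-root". Needs the openssl CLI.
cert_role() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 1
    if [ "${subj#subject=}" = "${iss#issuer=}" ]; then echo root; else echo not-root; fi
}

# Constructed sample shaped like `pkcs12 -nodes` output; bodies are placeholders.
write_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDKEYBODY
-----END PRIVATE KEY-----
Bag Attributes
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFBODY
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDINTERMEDIATEBODY
-----END CERTIFICATE-----
EOF
}

# Usage: split_pem_certs chain.pem out && for f in out/cert*.pem; do cert_role "$f"; done
```

If no file in the bundle reports `root`, the root certificate is not in the bundle and has to come from the CA or a trust store.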
 

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7442 Location: EU, Germany, Next to Hamburg
Posted: Tue 22 Feb '22 12:34    Post subject:

Thanks for sharing the script
 