Solved

Need assistance with BASH script to iterate through SSL certs and convert to human readable format

Posted on 2013-11-22
Last Modified: 2013-11-25
Hi Team,

  We have hundreds of Linux-based network appliances in our organization and we constantly need to inventory the SSL certificates installed on them. Most of the appliances can do Bash, fortunately. Given a particular directory containing many certs, all of them in PEM format, if I had something like this:
hostname-a# ls -l
cert1.crt
cert2.crt
cert3.crt
cert4.crt
cert5.crt

I just need a simple bash script to loop through every certificate and aggregate the output to a text file. The command for one file is:
openssl x509 -in cert1.crt -text -noout >> allcerts.txt

Instead of doing this:
openssl x509 -in cert1.crt -text -noout >> allcerts.txt
openssl x509 -in cert2.crt -text -noout >> allcerts.txt
openssl x509 -in cert3.crt -text -noout >> allcerts.txt
openssl x509 -in cert4.crt -text -noout >> allcerts.txt
openssl x509 -in cert5.crt -text -noout >> allcerts.txt

How can I run a bash script that runs a loop and iterates through all files in the directory ending in .crt?

Thanks very much for any suggestions.
0
Question by:rleyba828
5 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 39670565
This should work:

for cert in *.crt
do
        # Quote the filename so names containing spaces are passed to openssl intact
        openssl x509 -in "$cert" -text -noout >> allcerts.txt
done

0
 

Author Comment

by:rleyba828
ID: 39673730
Hi xterm,

   Thanks for this. It seems to be working as expected. Just one minor request though. Once I do a cat of the accumulated allcerts.txt file, I see all the certs in one long stream but I have no link as to which certificate file is which CN name. Is there a way we can put anywhere on the output file the filename of which cert is currently being processed? If the normal output is this:
[me@myhost]# cat allcerts.txt | more
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0b:00:90:00:00:00:00:00:00
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=PH, DC=COM, DC=MYBANK, DC=MYORG, CN=MYCERTNAME
        Validity

-----------------------output suppressed------------

...can we have this instead (show currently being processed file next to "certificate"), or at least start a new line with the filename, before it starts outputting the contents of the file?

[me@myhost]# cat allcerts.txt | more
Certificate: cert1.crt
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0b:00:90:00:00:00:00:00:00
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=PH, DC=COM, DC=MYBANK, DC=MYORG, CN=MYCERTNAME
        Validity
-----------output suppressed---------------

Many thanks.
0
 
LVL 19

Expert Comment

by:xterm
ID: 39673755
Sure, that's not a problem, I put a newline after the output of each too:

for cert in *.crt
do
        echo "Certificate: $cert"
        openssl x509 -in "$cert" -text -noout >> allcerts.txt
        echo ""
done

0
 
LVL 19

Accepted Solution

by:
xterm earned 500 total points
ID: 39675169
Sorry, I made a mistake here.  It should look like this:

for cert in *.crt
do
        # Label each entry with its source file, then append the decoded certificate
        echo "Certificate: $cert" >> allcerts.txt
        openssl x509 -in "$cert" -text -noout >> allcerts.txt
        echo "" >> allcerts.txt
done

0
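
A more defensive variant of the accepted loop, added here as an example and not part of the original thread: it skips the case where no .crt file matches, marks files that `openssl x509` cannot parse instead of silently dropping them, and puts the subject and expiry date under each filename. The function name `inventory_certs`, its two arguments and the `UNREADABLE` marker are assumptions of this example.

```bash
# Added example (not from the thread). inventory_certs, its arguments and the
# UNREADABLE marker are names chosen for this illustration.
# Usage: inventory_certs /path/to/certs allcerts.txt
inventory_certs() (
    dir=$1
    out=$2
    failed=0
    : > "$out"                      # start a fresh report rather than appending to an old one
    for cert in "$dir"/*.crt; do
        [ -e "$cert" ] || continue  # no match: the shell leaves the pattern as literal text
        name=${cert##*/}
        # Decode into a variable first so a bad file never leaves partial output in the report.
        if text=$(openssl x509 -in "$cert" -text -noout 2>/dev/null); then
            {
                printf 'Certificate: %s\n' "$name"
                # Short summary lines (owner, expiry) that are easy to grep in a large report.
                openssl x509 -in "$cert" -noout -subject -enddate
                printf '%s\n\n' "$text"
            } >> "$out"
        else
            # Wrong format, truncated file, a private key saved as .crt, and so on.
            printf 'Certificate: %s\nUNREADABLE: not a PEM X.509 certificate\n\n' "$name" >> "$out"
            failed=$((failed + 1))
        fi
    done
    # Non-zero exit status tells a calling job that at least one file needs attention.
    [ "$failed" -eq 0 ]
)
```

Searching the report for `UNREADABLE` or `notAfter=` then gives a quick list of broken files and expiry dates per appliance.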
 

Author Closing Comment

by:rleyba828
ID: 39676599
Excellent! Thanks very much.
0
