?
Solved

Need assistance with BASH script to iterate through SSL certs and convert to human readable format

Posted on 2013-11-22
5
Medium Priority
?
414 Views
Last Modified: 2013-11-25
Hi Team,

  We have hundreds of linux based network appliances in our organization and we constantly need to inventory installed SSL certificates in them.   Most of the appliances can do BASH ,fortunately.   Given a particular directory containing many certs and all of them in PEM format,  if I had something like this:
hostname-a# ls -l
cert1.crt
cert2.crt
cert3.crt
cert4.crt
cert5.crt

Open in new window


I just need a simple bash script to loop through every certificate and aggregate the output to a text file. The command for one file is:
openssl x509 -in cert1.crt -text -noout >> allcerts.txt

Open in new window


Instead of doing this:
openssl x509 -in cert1.crt -text -noout >> allcerts.txt
openssl x509 -in cert2.crt -text -noout >> allcerts.txt
openssl x509 -in cert3.crt -text -noout >> allcerts.txt
openssl x509 -in cert4.crt -text -noout >> allcerts.txt
openssl x509 -in cert5.crt -text -noout >> allcerts.txt

Open in new window


How can I run a bash script that runs a loop and iterates through all files in the directory ending in .crt?

thanks very much for any suggestions
0
Comment
Question by:rleyba828
  • 3
  • 2
5 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 39670565
This should work:

for cert in *.crt;
do
        openssl x509 -in $cert -text -noout >> allcerts.txt
done

Open in new window

0
 

Author Comment

by:rleyba828
ID: 39673730
hi xterm,

   Thanks for this.  It seems to be working as expected.  Just one minor request though.   Once I do a cat of the accumulated allcerts.txt file, I see all the certs in one long stream but I have no link as to which certificate file is which CN name.  Is there a way we can put anywhere on the output file the filename of which cert is currently being processed?  If the normal output is this.
[me@myhost]# cat allcerts.txt | more
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0b:00:90:00:00:00:00:00:00
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=PH, DC=COM, DC=MYBANK, DC=MYORG, CN=MYCERTNAME
        Validity

-----------------------output suppressed------------

Open in new window


...can we have this instead (show currently being processed file next to "certificate"), or at least start a new line with the filename, before it starts outputting the contents of the file?

[me@myhost]# cat allcerts.txt | more
Certificate: cert1.crt
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0b:00:90:00:00:00:00:00:00
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=PH, DC=COM, DC=MYBANK, DC=MYORG, CN=MYCERTNAME
        Validity
-----------output suppressed---------------

Open in new window


Many thanks.
0
 
LVL 19

Expert Comment

by:xterm
ID: 39673755
Sure, that's not a problem, I put a newline after the output of each too:

for cert in *.crt;
do
        echo  "Certificate: $cert"
        openssl x509 -in $cert -text -noout >> allcerts.txt
        echo ""
done

Open in new window

0
 
LVL 19

Accepted Solution

by:
xterm earned 2000 total points
ID: 39675169
Sorry, I made a mistake here.  It should look like this:

for cert in *.crt;
do
        echo  "Certificate: $cert" >> allcerts.txt
        openssl x509 -in $cert -text -noout >> allcerts.txt
        echo "" >> allcerts.txt
done

Open in new window

0
 

Author Closing Comment

by:rleyba828
ID: 39676599
Excellent! Thanks very much.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Suggested Courses
Course of the Month13 days, 21 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question