Solved

Need assistance with BASH script to iterate through SSL certs and convert to human readable format

Posted on 2013-11-22
5
376 Views
Last Modified: 2013-11-25
Hi Team,

  We have hundreds of linux based network appliances in our organization and we constantly need to inventory installed SSL certificates in them.   Most of the appliances can do BASH ,fortunately.   Given a particular directory containing many certs and all of them in PEM format,  if I had something like this:
hostname-a# ls -l
cert1.crt
cert2.crt
cert3.crt
cert4.crt
cert5.crt

Open in new window


I just need a simple bash script to loop through every certificate and aggregate the output to a text file. The command for one file is:
openssl x509 -in cert1.crt -text -noout >> allcerts.txt

Open in new window


Instead of doing this:
openssl x509 -in cert1.crt -text -noout >> allcerts.txt
openssl x509 -in cert2.crt -text -noout >> allcerts.txt
openssl x509 -in cert3.crt -text -noout >> allcerts.txt
openssl x509 -in cert4.crt -text -noout >> allcerts.txt
openssl x509 -in cert5.crt -text -noout >> allcerts.txt

Open in new window


How can I run a bash script that runs a loop and iterates through all files in the directory ending in .crt?

thanks very much for any suggestions
0
Comment
Question by:rleyba828
  • 3
  • 2
5 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 39670565
This should work:

for cert in *.crt;
do
        openssl x509 -in $cert -text -noout >> allcerts.txt
done

Open in new window

0
 

Author Comment

by:rleyba828
ID: 39673730
hi xterm,

   Thanks for this.  It seems to be working as expected.  Just one minor request though.   Once I do a cat of the accumulated allcerts.txt file, I see all the certs in one long stream but I have no link as to which certificate file is which CN name.  Is there a way we can put anywhere on the output file the filename of which cert is currently being processed?  If the normal output is this.
[me@myhost]# cat allcerts.txt | more
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0b:00:90:00:00:00:00:00:00
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=PH, DC=COM, DC=MYBANK, DC=MYORG, CN=MYCERTNAME
        Validity

-----------------------output suppressed------------

Open in new window


...can we have this instead (show currently being processed file next to "certificate"), or at least start a new line with the filename, before it starts outputting the contents of the file?

[me@myhost]# cat allcerts.txt | more
Certificate: cert1.crt
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0b:00:90:00:00:00:00:00:00
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=PH, DC=COM, DC=MYBANK, DC=MYORG, CN=MYCERTNAME
        Validity
-----------output suppressed---------------

Open in new window


Many thanks.
0
 
LVL 19

Expert Comment

by:xterm
ID: 39673755
Sure, that's not a problem, I put a newline after the output of each too:

for cert in *.crt;
do
        echo  "Certificate: $cert"
        openssl x509 -in $cert -text -noout >> allcerts.txt
        echo ""
done

Open in new window

0
 
LVL 19

Accepted Solution

by:
xterm earned 500 total points
ID: 39675169
Sorry, I made a mistake here.  It should look like this:

for cert in *.crt;
do
        echo  "Certificate: $cert" >> allcerts.txt
        openssl x509 -in $cert -text -noout >> allcerts.txt
        echo "" >> allcerts.txt
done

Open in new window

0
 

Author Closing Comment

by:rleyba828
ID: 39676599
Excellent! Thanks very much.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now