Solved

Need assistance with BASH script to iterate through SSL certs and convert to human readable format

Posted on 2013-11-22
5
373 Views
Last Modified: 2013-11-25
Hi Team,

  We have hundreds of linux based network appliances in our organization and we constantly need to inventory installed SSL certificates in them.   Most of the appliances can do BASH ,fortunately.   Given a particular directory containing many certs and all of them in PEM format,  if I had something like this:
hostname-a# ls -l
cert1.crt
cert2.crt
cert3.crt
cert4.crt
cert5.crt

Open in new window


I just need a simple bash script to loop through every certificate and aggregate the output to a text file. The command for one file is:
openssl x509 -in cert1.crt -text -noout >> allcerts.txt

Open in new window


Instead of doing this:
openssl x509 -in cert1.crt -text -noout >> allcerts.txt
openssl x509 -in cert2.crt -text -noout >> allcerts.txt
openssl x509 -in cert3.crt -text -noout >> allcerts.txt
openssl x509 -in cert4.crt -text -noout >> allcerts.txt
openssl x509 -in cert5.crt -text -noout >> allcerts.txt

Open in new window


How can I run a bash script that runs a loop and iterates through all files in the directory ending in .crt?

thanks very much for any suggestions
0
Comment
Question by:rleyba828
  • 3
  • 2
5 Comments
 
LVL 19

Expert Comment

by:xterm
ID: 39670565
This should work:

for cert in *.crt;
do
        openssl x509 -in $cert -text -noout >> allcerts.txt
done

Open in new window

0
 

Author Comment

by:rleyba828
ID: 39673730
hi xterm,

   Thanks for this.  It seems to be working as expected.  Just one minor request though.   Once I do a cat of the accumulated allcerts.txt file, I see all the certs in one long stream but I have no link as to which certificate file is which CN name.  Is there a way we can put anywhere on the output file the filename of which cert is currently being processed?  If the normal output is this.
[me@myhost]# cat allcerts.txt | more
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0b:00:90:00:00:00:00:00:00
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=PH, DC=COM, DC=MYBANK, DC=MYORG, CN=MYCERTNAME
        Validity

-----------------------output suppressed------------

Open in new window


...can we have this instead (show currently being processed file next to "certificate"), or at least start a new line with the filename, before it starts outputting the contents of the file?

[me@myhost]# cat allcerts.txt | more
Certificate: cert1.crt
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0b:00:90:00:00:00:00:00:00
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=PH, DC=COM, DC=MYBANK, DC=MYORG, CN=MYCERTNAME
        Validity
-----------output suppressed---------------

Open in new window


Many thanks.
0
 
LVL 19

Expert Comment

by:xterm
ID: 39673755
Sure, that's not a problem, I put a newline after the output of each too:

for cert in *.crt;
do
        echo  "Certificate: $cert"
        openssl x509 -in $cert -text -noout >> allcerts.txt
        echo ""
done

Open in new window

0
 
LVL 19

Accepted Solution

by:
xterm earned 500 total points
ID: 39675169
Sorry, I made a mistake here.  It should look like this:

for cert in *.crt;
do
        echo  "Certificate: $cert" >> allcerts.txt
        openssl x509 -in $cert -text -noout >> allcerts.txt
        echo "" >> allcerts.txt
done

Open in new window

0
 

Author Closing Comment

by:rleyba828
ID: 39676599
Excellent! Thanks very much.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Utilizing an array to gracefully append to a list of EmailAddresses
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now