getcert.sh 1.0 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546
  1. #!/bin/bash
  2. function get_pem_file() {
  3. infile=$1
  4. level=$((1 + $2))
  5. if [ -z $infile ]
  6. then
  7. return 1
  8. fi
  9. echo Processing $1
  10. crt=`openssl x509 -in ${infile}.pem -noout -text |sed -n -e 's/.*CA Issu.*URI:http:\/\/.*\/\(.*\)\..*/\1/p'`
  11. uri=`openssl x509 -in ${infile}.pem -noout -text |sed -n -e 's/.*CA Issu.*URI:\(.*\)/\1/p'`
  12. if [ -z $uri ]
  13. then
  14. return 1
  15. fi
  16. echo crt=$crt, uri=$uri
  17. wget ${uri}
  18. openssl x509 -inform der -in ${crt}.crt -out ${crt}.pem
  19. export outfile=$crt
  20. if [ $level -lt 5 ]
  21. then
  22. if get_pem_file $outfile level; then
  23. echo completed $outfile with result $?
  24. else
  25. echo done
  26. fi
  27. fi
  28. return 0
  29. }
  30. function get_all_pem(){
  31. export outfile=$2
  32. export url=$1
  33. openssl s_client -showcerts -connect ${url}:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >${outfile}.pem
  34. get_pem_file $outfile 0
  35. }
  36. rm *.pem
  37. rm *.crt
  38. rm *.txt
  39. # seed the start pem
  40. get_all_pem github.com github-com
  41. get_all_pem s3.amazonaws.com s3-amazon-com
  42. cat *.pem >github.pem