Export SSL certificates and intermediates from a given https URL to a file
How do I get the root SSL certificate and any intermediate certificates to a file from a given URL? Ideally through some command line compatible with linux shell,
but I’ll do it manually if I have to. Update: Interactively, with Chrome, if I check the certificate, I have the option to export it. If applicable, there is also a way to get the entire chain. So now I’m just looking for a scriptable way.
mono nuget.exe install ./packages.config -o ./packages
The project package will be installed on Ubuntu, as long as required certificates are installined in the machine’s trust The store. part is done like this:
$ certmgr -ssl https://nugetgallery.blob.core.windows.net
This command comes with the -ssl option, gets the certificate and any middleware from the specified URL, and requires user confirmation. I’m trying to automate a server build, so I want to add a certificate without user confirmation.
I’ve tried piping the response into the command – ie:
$ echo "Yes" | certmgr -ssl https://nugetgallery.blob.core.windows.net
That won’t work. I tried to export the certificates to a file so I can add them to my build project, but mono certmgr hasn’t implemented “put” yet.
Assuming openSSL is installed, this command line:
echo | openssl s_client \ -showcerts \ -connect nugetgallery.blob.core.windows.net:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem
Generate a file that contains all three certificates involved in this chain.
Thanks to <a href=”https://stackoverflow.com/a/7886248/149060″ rel=”noreferrer noopener nofollow”> this answer question: Using openssl to get the certificate from a server to get the solution for chaining. The following command loads the saved certificate into the truststore.
openssl crl2pkcs7 -nocrl -certfile cert.pem -out cert.p7b certmgr -add -c -m Trust ./cert.p7b