Linux – Export SSL certificates and intermediates from a given https URL to a file


How do I get the root SSL certificate and any intermediate certificates to a file from a given URL? Ideally through some command line compatible with the Linux shell, but I’ll do it manually if I have to. Update: Interactively, with Chrome, if I check the certificate, I have the option to export it. If applicable, there is also a way to get the entire chain. So now I’m just looking for a scriptable way.

Background:

mono nuget.exe install ./packages.config -o ./packages

The project packages will be installed on Ubuntu, as long as the required certificates are installed in the machine’s trust store. That part is done like this:

$ certmgr -ssl https://nugetgallery.blob.core.windows.net

This command, with the -ssl option, gets the certificate and any intermediates from the specified URL, and requires user confirmation. I’m trying to automate a server build, so I want to add a certificate without user confirmation.

I’ve tried piping the response into the command, i.e.:

$ echo "Yes" | certmgr -ssl https://nugetgallery.blob.core.windows.net

That won’t work. I tried to export the certificates to a file so I can add them to my build project, but mono certmgr hasn’t implemented “put” yet.

Solution

Assuming OpenSSL is installed, this command line:

echo | openssl s_client \
    -showcerts \
    -connect nugetgallery.blob.core.windows.net:443 2>&1 |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem

generates a file that contains all three certificates involved in this chain.

Thanks to this answer (https://stackoverflow.com/a/7886248/149060) to the question "Using openssl to get the certificate from a server" for the solution to getting the chain. The following commands load the saved certificates into the trust store.

openssl crl2pkcs7 -nocrl -certfile cert.pem -out cert.p7b
certmgr -add -c -m Trust ./cert.p7b
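
An added example, not part of the original answer: s_client prints whatever the server presents whether or not verification succeeded, so an unattended build can split the fetched chain into one file per certificate and compare each SHA-256 fingerprint against values recorded out of band before running the certmgr -add step. The function names, the chain directory and the pins.txt file are assumptions of this example.

```shell
#!/bin/sh
# Added example: split s_client output per certificate, then gate on pins.

# split_chain OUTDIR: read `openssl s_client -showcerts` output on stdin, write
# each distinct, complete PEM block to OUTDIR/cert-N.pem, print the count.
split_chain() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { buf = ""; inside = 1 }
        inside { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/ && inside {
            inside = 0
            if (buf in seen) next      # leaf can be printed twice by -showcerts
            seen[buf] = 1; n++
            f = dir "/cert-" n ".pem"
            printf "%s", buf > f; close(f)
        }
        END { print n + 0 }            # a block cut off before END is dropped
    '
}

# fingerprint FILE: print the certificate's SHA-256 fingerprint (AB:CD:...).
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# all_pinned OUTDIR PINFILE: succeed only if every extracted certificate has
# its fingerprint listed in PINFILE (one per line; hypothetical file that an
# operator fills in after checking the chain by hand once).
all_pinned() {
    for c in "$1"/cert-*.pem; do
        [ -f "$c" ] || return 1                 # nothing was extracted
        fp=$(fingerprint "$c") || return 1
        [ -n "$fp" ] || return 1                # openssl could not parse it
        grep -qxF "$fp" "$2" || { echo "unpinned: $c $fp" >&2; return 1; }
    done
}

# Usage with the commands from the answer above:
#   echo | openssl s_client -showcerts \
#       -connect nugetgallery.blob.core.windows.net:443 2>/dev/null |
#       split_chain chain
#   all_pinned chain pins.txt && cat chain/cert-*.pem > cert.pem
```

If all_pinned fails, the build should stop rather than continue to crl2pkcs7 and certmgr, since a changed fingerprint means the server presented a chain nobody has reviewed.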
