
bundle_certs

    nimrod authored
    - Changed tests to use Bats, updated README.
    - Removed dependency on Make, updated README, TravisCI.
    - Added usage when called after sourced.
    - Cleaner is_sourced alias.
    - No longer cd into the certs directory.
    - Fixed several small issues, bugs and edge cases.
    da513479

    bundle-certs


    A shell script to bundle SSL certificates in the correct order. The use case envisioned is programmatically handling SSL certificate renewal.

    Installation

    This script can be used in 2 ways. The 1st is copying it to /usr/local/bin/bundle_certs, marking it as executable and calling the script. The 2nd is copying the file to somewhere under your home directory and sourcing it in your shell's rc file (like .bashrc, .kshrc etc.). With the 2nd way you gain a few shell functions for handling SSL certificates (listed below).

    Requirements

    For regular use:

    • A POSIX compatible shell.
    • OpenSSL.
    • AWK.

    For testing/ development purposes, all of the above, plus:

    Usage

    Call the script/function with the list of certificates you want to order, for example:

    bundle_certs *.crt > bundle.crt

    The outputted bundle is WITHOUT the root (CA) certificate.

    Shell functions

    • subject_hash: Returns OpenSSL's hash of the cert's subject.
    • issuer_hash: Returns OpenSSL's hash of the cert's issuer.
    • find_root_cert: Returns the filename of the (first) root (self-signed) certificate of the filenames passed as parameters.
    • find_cert_by_issuer_hash: Gets a hash and a list of filenames, returns the filename of the certificate with that issuer hash. Ignores self-signed (root CA) certificates.
    • unbudle_cert: Gets a filename, creates a directory named certs which contains all of the individual certs in the file (the files are named by their subject hash).
    • bundle_certs: See Usage section above.
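
A check one might run on the resulting bundle before deploying it, using the same subject/issuer hash comparison the functions above are built on. This is an added example, not part of bundle_certs; the function name check_bundle_order is hypothetical, and it assumes "correct order" means leaf first with each certificate directly followed by its issuer.

```shell
#!/bin/sh
# Added example (not part of bundle_certs): verify the order of a PEM bundle.

# check_bundle_order BUNDLE
# Returns 0 if every certificate is directly followed by its issuer and no
# root certificate (subject hash == issuer hash) is present, 1 otherwise.
check_bundle_order() {
    bundle="$1"
    tmpdir="$(mktemp -d)" || return 2
    # Split the bundle into one file per certificate: 001.pem, 002.pem, ...
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"
    status=0
    expected=""   # issuer hash of the previous certificate in the bundle
    count=0
    for cert in "$tmpdir"/*.pem; do
        [ -f "$cert" ] || break   # glob did not match: no certificates
        count=$((count + 1))
        subject="$(openssl x509 -noout -subject_hash -in "$cert")" || { status=1; break; }
        issuer="$(openssl x509 -noout -issuer_hash -in "$cert")" || { status=1; break; }
        if [ "$subject" = "$issuer" ]; then
            echo "certificate $count is a root CA (subject equals issuer)" >&2
            status=1
        fi
        if [ -n "$expected" ] && [ "$subject" != "$expected" ]; then
            echo "certificate $count is not the issuer of certificate $((count - 1))" >&2
            status=1
        fi
        expected="$issuer"
    done
    [ "$count" -gt 0 ] || { echo "no certificates found in $bundle" >&2; status=1; }
    rm -rf "$tmpdir"
    return "$status"
}
```

Hash matching compares names only and does not validate signatures or expiry, so it catches ordering mistakes and a stray root, not a forged or expired certificate.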

    Development and testing

    Testing is done using Bats (https://github.com/sstephenson/bats). To test, run bats --tap tests/. Pre-commit is also configured for this repo.

    License

    This software is licensed under the MIT license (see the LICENSE.txt file).

    Author Information

    Nimrod Adar, contact me or visit my website. Patches are welcome via git send-email. The repository is located at: https://www.shore.co.il/cgit/.