从 openssl pem 文件中获取证书部分
Get just the certificate portion from an openssl pem file
我有一个 PEM 格式的证书,其中包含 ASCII/UTF-8 文本中的所有 headers。我只想输出证书本身。换句话说,以下部分包括:
-----BEGIN CERTIFICATE-----
和
-----END CERTIFICATE-----
我可以通过从源 pem 文件中简单地剪切和粘贴来做到这一点。但是,我想使用 OpenSSL 来执行此操作。我查看了各种 -text -certopt X,但我尝试过的 none 只给出了证书部分。
有什么方法可以使用 OpenSSL 只输出编码证书吗?它是怎么做到的?
Get just the certificate portion from an openssl pem file
不要使用 OpenSSL。相反,请使用 cat、awk、sed 和重定向。
例如:
$ ls *.pem
DigiCertHighAssuranceEVRootCA.pem
$ cat DigiCertHighAssuranceEVRootCA.pem
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
...
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----
然后,敲第一行:
$ cat DigiCertHighAssuranceEVRootCA.pem | sed '1,1d'
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
...
最后一行:
$ cat DigiCertHighAssuranceEVRootCA.pem | sed '$ d'
...
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
将它们放在一起:
$ cat DigiCertHighAssuranceEVRootCA.pem | sed '1,1d' | sed '$ d'
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
...
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
最后,您可以通过用分号分隔单独的命令来折叠 sed 命令:
$ cat DigiCertHighAssuranceEVRootCA.pem | sed '1,1d;$ d'
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
现在,我不确定您要用 -certopt X 做什么,所以请对此持保留态度...要以可读形式打印证书,请使用 -text -noout :
$ cat DigiCertHighAssuranceEVRootCA.pem | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
Validity
Not Before: Nov 10 00:00:00 2006 GMT
Not After : Nov 10 00:00:00 2031 GMT
Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d:32:a6:df:
e5:81:3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:
a2:0a:1c:b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:
a4:a9:41:59:3a:d3:dc:94:d6:3c:db:74:38:a4:4a:
cc:4d:25:82:f7:4a:a5:53:12:38:ee:f3:49:6d:71:
91:7e:63:b6:ab:a6:5f:c3:a4:84:f8:4f:62:51:be:
f8:c5:ec:db:38:92:e3:06:e5:08:91:0c:c4:28:41:
55:fb:cb:5a:89:15:7e:71:e8:35:bf:4d:72:09:3d:
be:3a:38:50:5b:77:31:1b:8d:b3:c7:24:45:9a:a7:
ac:6d:00:14:5a:04:b7:ba:13:eb:51:0a:98:41:41:
22:4e:65:61:87:81:41:50:a6:79:5c:89:de:19:4a:
57:d5:2e:e6:5d:1c:53:2c:7e:98:cd:1a:06:16:a4:
68:73:d0:34:04:13:5c:a1:71:d3:5a:7c:55:db:5e:
64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:79:
39:88:a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:
a8:38:ab:0a:64:c2:bf:66:5d:95:84:c1:a1:25:1e:
87:5d:1a:50:0b:20:12:cc:41:bb:6e:0b:51:38:b8:
4b:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3
X509v3 Authority Key Identifier:
keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3
Signature Algorithm: sha1WithRSAEncryption
1c:1a:06:97:dc:d7:9c:9f:3c:88:66:06:08:57:21:db:21:47:
f8:2a:67:aa:bf:18:32:76:40:10:57:c1:8a:f3:7a:d9:11:65:
8e:35:fa:9e:fc:45:b5:9e:d9:4c:31:4b:b8:91:e8:43:2c:8e:
b3:78:ce:db:e3:53:79:71:d6:e5:21:94:01:da:55:87:9a:24:
64:f6:8a:66:cc:de:9c:37:cd:a8:34:b1:69:9b:23:c8:9e:78:
22:2b:70:43:e3:55:47:31:61:19:ef:58:c5:85:2f:4e:30:f6:
a0:31:16:23:c8:e7:e2:65:16:33:cb:bf:1a:1b:a0:3d:f8:ca:
5e:8b:31:8b:60:08:89:2d:0c:06:5c:52:b7:c4:f9:0a:98:d1:
15:5f:9f:12:be:7c:36:63:38:bd:44:a4:7f:e4:26:2b:0a:c4:
97:69:0d:e9:8c:e2:c0:10:57:b8:c8:76:12:91:55:f2:48:69:
d8:bc:2a:02:5b:0f:44:d4:20:31:db:f4:ba:70:26:5d:90:60:
9e:bc:4b:17:09:2f:b4:cb:1e:43:68:c9:07:27:c1:d2:5c:f7:
ea:21:b9:68:12:9c:3c:9c:bf:9e:fc:80:5c:9b:63:cd:ec:47:
aa:25:27:67:a0:37:f3:00:82:7d:54:d7:a9:f8:e9:2e:13:a3:
77:e8:1f:4a
您还可以使用 openssl x509 实用程序为您打开文件:
$ openssl x509 -in DigiCertHighAssuranceEVRootCA.pem -inform PEM -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
...
并从 PEM 转换为 DER:
$ openssl x509 -in DigiCertHighAssuranceEVRootCA.pem -inform PEM \
-out DigiCertHighAssuranceEVRootCA.der -outform DER
$ dumpasn1 DigiCertHighAssuranceEVRootCA.der
0 965: SEQUENCE {
4 685: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 16: INTEGER 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
...
Is there any way of outputting just the encoded certificate using OpenSSL? How is it done?
没有。除了 -inform 之外,OpenSSL 还有 -outform。有三种可用的 inform 和 outform:DER、PEM 和 NET。 None 其中是裸 Base64。
只是晚了一点。我只是需要完全相同的东西,并且不想在 awk、sed 或其他任何东西中执行逻辑。
openssl x509 -in YOUR_CERTIFICATE.pem -text -certopt no_header,no_pubkey,no_subject,no_issuer,no_signame,no_version,no_serial,no_validity,no_extensions,no_sigdump,no_aux,no_extensions
不知道是否还有其他字段恰好没有出现在我测试过的证书中。到目前为止,尽管所有迹象都表明这正是您所追求的。
只是更晚了。我猜这是尽可能接近的 openssl + base64。
openssl x509 -in cert.pem -outform der | base64 -w 64
简单的解决方案:
openssl x509 -in cert.pem | sed -e '1d;$d' > just_the_certificate_itself.txt
我有一个 PEM 格式的证书,其中包含 ASCII/UTF-8 文本中的所有 headers。我只想输出证书本身。换句话说,以下部分包括:
-----BEGIN CERTIFICATE-----
和
-----END CERTIFICATE-----
我可以通过从源 pem 文件中简单地剪切和粘贴来做到这一点。但是,我想使用 OpenSSL 来执行此操作。我查看了各种 -text -certopt X,但我尝试过的 none 只给出了证书部分。
有什么方法可以使用 OpenSSL 只输出编码证书吗?它是怎么做到的?
Get just the certificate portion from an openssl pem file
不要使用 OpenSSL。相反,请使用 cat、awk、sed 和重定向。
例如:
$ ls *.pem
DigiCertHighAssuranceEVRootCA.pem
$ cat DigiCertHighAssuranceEVRootCA.pem
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
...
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----
然后,敲第一行:
$ cat DigiCertHighAssuranceEVRootCA.pem | sed '1,1d'
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
...
最后一行:
$ cat DigiCertHighAssuranceEVRootCA.pem | sed '$ d'
...
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
将它们放在一起:
$ cat DigiCertHighAssuranceEVRootCA.pem | sed '1,1d' | sed '$ d'
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
...
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
最后,您可以通过用分号分隔单独的命令来折叠 sed 命令:
$ cat DigiCertHighAssuranceEVRootCA.pem | sed '1,1d;$ d'
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
现在,我不确定您要用 -certopt X 做什么,所以请对此持保留态度...要以可读形式打印证书,请使用 -text -noout :
$ cat DigiCertHighAssuranceEVRootCA.pem | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
Validity
Not Before: Nov 10 00:00:00 2006 GMT
Not After : Nov 10 00:00:00 2031 GMT
Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d:32:a6:df:
e5:81:3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:
a2:0a:1c:b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:
a4:a9:41:59:3a:d3:dc:94:d6:3c:db:74:38:a4:4a:
cc:4d:25:82:f7:4a:a5:53:12:38:ee:f3:49:6d:71:
91:7e:63:b6:ab:a6:5f:c3:a4:84:f8:4f:62:51:be:
f8:c5:ec:db:38:92:e3:06:e5:08:91:0c:c4:28:41:
55:fb:cb:5a:89:15:7e:71:e8:35:bf:4d:72:09:3d:
be:3a:38:50:5b:77:31:1b:8d:b3:c7:24:45:9a:a7:
ac:6d:00:14:5a:04:b7:ba:13:eb:51:0a:98:41:41:
22:4e:65:61:87:81:41:50:a6:79:5c:89:de:19:4a:
57:d5:2e:e6:5d:1c:53:2c:7e:98:cd:1a:06:16:a4:
68:73:d0:34:04:13:5c:a1:71:d3:5a:7c:55:db:5e:
64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:79:
39:88:a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:
a8:38:ab:0a:64:c2:bf:66:5d:95:84:c1:a1:25:1e:
87:5d:1a:50:0b:20:12:cc:41:bb:6e:0b:51:38:b8:
4b:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3
X509v3 Authority Key Identifier:
keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3
Signature Algorithm: sha1WithRSAEncryption
1c:1a:06:97:dc:d7:9c:9f:3c:88:66:06:08:57:21:db:21:47:
f8:2a:67:aa:bf:18:32:76:40:10:57:c1:8a:f3:7a:d9:11:65:
8e:35:fa:9e:fc:45:b5:9e:d9:4c:31:4b:b8:91:e8:43:2c:8e:
b3:78:ce:db:e3:53:79:71:d6:e5:21:94:01:da:55:87:9a:24:
64:f6:8a:66:cc:de:9c:37:cd:a8:34:b1:69:9b:23:c8:9e:78:
22:2b:70:43:e3:55:47:31:61:19:ef:58:c5:85:2f:4e:30:f6:
a0:31:16:23:c8:e7:e2:65:16:33:cb:bf:1a:1b:a0:3d:f8:ca:
5e:8b:31:8b:60:08:89:2d:0c:06:5c:52:b7:c4:f9:0a:98:d1:
15:5f:9f:12:be:7c:36:63:38:bd:44:a4:7f:e4:26:2b:0a:c4:
97:69:0d:e9:8c:e2:c0:10:57:b8:c8:76:12:91:55:f2:48:69:
d8:bc:2a:02:5b:0f:44:d4:20:31:db:f4:ba:70:26:5d:90:60:
9e:bc:4b:17:09:2f:b4:cb:1e:43:68:c9:07:27:c1:d2:5c:f7:
ea:21:b9:68:12:9c:3c:9c:bf:9e:fc:80:5c:9b:63:cd:ec:47:
aa:25:27:67:a0:37:f3:00:82:7d:54:d7:a9:f8:e9:2e:13:a3:
77:e8:1f:4a
您还可以使用 openssl x509 实用程序为您打开文件:
$ openssl x509 -in DigiCertHighAssuranceEVRootCA.pem -inform PEM -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
...
并从 PEM 转换为 DER:
$ openssl x509 -in DigiCertHighAssuranceEVRootCA.pem -inform PEM \
-out DigiCertHighAssuranceEVRootCA.der -outform DER
$ dumpasn1 DigiCertHighAssuranceEVRootCA.der
0 965: SEQUENCE {
4 685: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 16: INTEGER 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
...
Is there any way of outputting just the encoded certificate using OpenSSL? How is it done?
没有。除了 -inform 之外,OpenSSL 还有 -outform。有三种可用的 inform 和 outform:DER、PEM 和 NET。 None 其中是裸 Base64。
只是晚了一点。我只是需要完全相同的东西,并且不想在 awk、sed 或其他任何东西中执行逻辑。
openssl x509 -in YOUR_CERTIFICATE.pem -text -certopt no_header,no_pubkey,no_subject,no_issuer,no_signame,no_version,no_serial,no_validity,no_extensions,no_sigdump,no_aux,no_extensions
不知道是否还有其他字段恰好没有出现在我测试过的证书中。到目前为止,尽管所有迹象都表明这正是您所追求的。
只是更晚了。我猜这是尽可能接近的 openssl + base64。
openssl x509 -in cert.pem -outform der | base64 -w 64
简单的解决方案:
openssl x509 -in cert.pem | sed -e '1d;$d' > just_the_certificate_itself.txt