Reputation: 577
Goal: To query an LDAP server and identify certificate expiration dates.
Background: I am able to dump user certificates (via ldapsearch) in the "userCertificate;binary" format. This results in data similar to the below:
userCertificate:: MIIABUNCHMORECHARACTERSFORCERT1
userCertificate:: MIIABUNCHMORECHARACTERSFORCERT2
(I believe) To process the above with OpenSSL, I must format the output as below:
File1:
-----BEGIN CERTIFICATE-----
MIIABUNCHMORECHARACTERSFORCERT1
-----END CERTIFICATE-----
File2:
-----BEGIN CERTIFICATE-----
MIIABUNCHMORECHARACTERSFORCERT2
-----END CERTIFICATE-----
Questions:
What is the best way to script looping through the ldapsearch results and for each entry remove "userCertificate;binary", place the certificate between the BEGIN/END tags, and then place each entry into an individual file for processing? I'm assuming this can be done with 'awk' or 'sed'.
Is there a way to process with OpenSSL without adding the BEGIN/END tags or separating each entry into a new file?
Thank you.
Upvotes: 0
Views: 811
Reputation: 577
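# Pull every base64 certificate value out of the LDIF dump.
# Assumes unwrapped values, one per line (e.g. ldapsearch -o ldif-wrap=no).
grep '^userCertificate' ldap_search_results.ldi |
while IFS= read -r line
do
    # Keep the base64 after ":: " and fold it to 64-column PEM lines.
    cert=$(printf '%s\n' "$line" | sed 's/^[^:]*:: *//' | fold -w 64)
    printf '%s\n' "-----BEGIN CERTIFICATE-----" "$cert" "-----END CERTIFICATE-----" |
    openssl x509 -text |
    grep -Ei 'Subject|not after'
done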
Upvotes: 1
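An added example (not from the question or answer above) for the question's second point: each base64 value can be decoded to DER and passed to `openssl x509 -inform DER`, so no BEGIN/END wrapper and no per-certificate file is needed. It also unfolds wrapped LDIF continuation lines first; the function names and the sample entry are constructed for illustration, and `base64 -d` assumes GNU coreutils.

```shell
#!/bin/sh
# Print one unfolded base64 certificate value per line from LDIF on stdin.
ldif_certs() {
    awk '
        # RFC 2849 folding: a line starting with one space continues the previous one.
        /^ / { if (have) buf = buf substr($0, 2); next }
        # Any other line ends the value collected so far.
        { emit(); have = 0 }
        # "::" marks a base64 value; accept userCertificate and userCertificate;binary.
        tolower($0) ~ /^usercertificate(;binary)?:: / {
            buf = $0; sub(/^[^:]*:: */, "", buf); have = 1
        }
        END { emit() }
        function emit() { if (have) print buf }
    '
}

# Decode each value to DER and print subject and notAfter, with no temp files.
cert_expiry() {
    ldif_certs | while IFS= read -r b64; do
        printf '%s' "$b64" | base64 -d |
            openssl x509 -inform DER -noout -subject -enddate
    done
}

# Constructed sample: the placeholder strings from the question, one value folded.
sample_ldif() {
    cat <<'EOF'
dn: cn=alice,dc=example,dc=com
cn: alice
userCertificate;binary:: MIIABUNCHMORE
 CHARACTERSFOR
 CERT1
userCertificate:: MIIABUNCHMORECHARACTERSFORCERT2
mail: alice@example.com
EOF
}

# Offline demonstration of the extraction step only (placeholders are not real DER).
sample_ldif | ldif_certs
# Against a real dump: cert_expiry < ldap_search_results.ldi
```

Because the extraction handles folded lines, this works on default `ldapsearch` output as well as on unwrapped output.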