david50407
7/25/2015 - 8:55 AM

Read a SSL certificate issued by StartSSL and bundle intermediate certificates into it so it works everywhere

Read a SSL certificate issued by StartSSL and bundle intermediate certificates into it so it works everywhere

#!/bin/bash
set -eo pipefail

cert_file="$1"

if [ -z "$cert_file" ]; then
  echo "Usage: create-startssl-cert-bundle CERTIFICATE_FILE" >&2
  echo >&2
  echo "Bundles StartSSL's intermediate certs and writes combined certificate to stdout" >&2
  exit 1
fi

matched_url="$(openssl x509 -in "$cert_file" -noout -text \
  | grep --only-matching --extended 'http://aia\.startssl\.com/certs/sub\.class(1|2)\.server\.ca\.crt')"

if [ -z "$matched_url" ]; then
  echo "This doesn't look like a StartSSL certificate" >&2
  exit 1
fi

cert_url="${matched_url%.crt}.pem"

# Read only first certificate out of file
sed '/--END CERTIFICATE--/q' "$cert_file"

curl --silent "$cert_url"
curl --silent  "http://www.startssl.com/certs/ca.pem"