Hi,
If I need to script some management of text files with PEM content, are there already some tools that exist that do this safely?
e.g.
somecert.pem that might contain
-----BEGIN CERTIFICATE----- blah blah -----END CERTIFICATE----- -----BEGIN DH PARAMETERS----- more blah -----END DH PARAMETERS-----
What I would like is a utility that can read that file, remove the DH parameters, write new file, validate new file is valid PEM contents, and give exit status 0 on success.
Could be done with standard scripting methods but I'm guessing a perl or python tool already exists that won't have me hitting myself when I make a stupid scripting mistake.
Google and Bing lately though seem to be getting harder and harder for me to use to find that kind of stuff.
Suggestions?
cat ${CERT} |sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/d' > ${TMPFILE}
(one line) seems to work every time as long as it is well formed.
On 09/09/2015 05:12 AM, Alice Wonder wrote:
Hi,
If I need to script some management of text files with PEM content, are there already some tools that exist that do this safely?
e.g.
somecert.pem that might contain
-----BEGIN CERTIFICATE----- blah blah -----END CERTIFICATE----- -----BEGIN DH PARAMETERS----- more blah -----END DH PARAMETERS-----
What I would like is a utility that can read that file, remove the DH parameters, write new file, validate new file is valid PEM contents, and give exit status 0 on success.
Could be done with standard scripting methods but I'm guessing a perl or python tool already exists that won't have me hitting myself when I make a stupid scripting mistake.
Google and Bing lately though seem to be getting harder and harder for me to use to find that kind of stuff.
Suggestions? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 09/09/2015 05:12 AM, Alice Wonder wrote:
If I need to script some management of text files with PEM content, are there already some tools that exist that do this safely?
"openssl" provides commands that should be able to process the PEM components in-place.
For instance, if you want to extract the certificate, only, from a PEM file, you can: openssl x509 -in somecert.pem -out cert-only.pem
...and for the private key: openssl rsa -in somecert.pem -out key-only.pem
-
Alice Wonder -
Gordon Messmer