OpenSSL - Receive info out of chains

07 Oct 2022

Chain files, or multiple concatenated X.509 certificates, cannot be parsed comfortably with openssl: `openssl x509` only reads the first certificate it finds in its input. In this text I'll introduce a one-liner suitable for this task.

perl -0777 -ne '@m=/^-.*\s[a-zA-Z0-9\/+=\s]*.*-$/gm; for (@m){open(my $p,"|-","openssl","x509","-in","-","-noout","-enddate") or die $!; print $p $_; close $p;}' chain.crt

This one-liner can be used on any ordinary chain file. The information to be retrieved can be changed in the openssl part of the command; the given example shows the notAfter date of each certificate. Perl is used to collect every certificate entry (the text between the lines starting and ending with dashes) into an array, which the loop then iterates over to generate the final results. The challenge is to support multiline content. This is done by setting the input record separator with -0777, which instructs perl to slurp the file whole. To go with this, the -n flag creates a surrounding while loop, so that the regex is applied to the slurped input.
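The same per-certificate loop as shell functions, added here as an example and not part of the original one-liner: awk splits the chain and each CERTIFICATE block is handed to the command on stdin, so file content never ends up on a shell command line. The names `pem_each`, `chain_enddates` and `chain_valid_for` are made up for this example.

```shell
#!/bin/sh
# pem_each FILE CMD [ARGS...]
# Run CMD once per CERTIFICATE block in FILE, with that block on stdin.
# Text between blocks, other PEM types (keys) and CR line endings are dropped.
# Returns non-zero if CMD failed for any block or if FILE held no certificate.
pem_each() {
    pe_file=$1; shift
    pe_tmp=$(mktemp -d) || return 1
    awk -v dir="$pe_tmp" '
        { sub(/\r$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { n++; out = sprintf("%s/%04d.pem", dir, n); inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----$/ { inside = 0; close(out) }
    ' "$pe_file"
    pe_rc=0; pe_found=0
    for pe_f in "$pe_tmp"/*.pem; do
        [ -e "$pe_f" ] || continue      # glob matched nothing
        pe_found=1
        "$@" < "$pe_f" || pe_rc=1
    done
    rm -rf "$pe_tmp"
    [ "$pe_found" = 1 ] || pe_rc=1
    return "$pe_rc"
}

# chain_enddates FILE: subject and notAfter of every certificate, in file order.
chain_enddates() {
    pem_each "$1" openssl x509 -noout -subject -enddate
}

# chain_valid_for FILE DAYS: succeeds only if every certificate in FILE
# is still valid DAYS days from now (openssl x509 -checkend takes seconds).
chain_valid_for() {
    pem_each "$1" openssl x509 -noout -checkend "$(( $2 * 86400 ))"
}

# usage: chain_enddates chain.crt
#        chain_valid_for chain.crt 30 || echo "something in the chain expires soon"
```

Because `pem_each` takes an arbitrary command, any other `openssl x509` output option can be substituted in the same way the one-liner allows.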