I'd like to know what is the best way to extract serial number from a SSL certificate formatted in PEM format.
After that I'd like to format the certificate in following format hexhex:hexhex:...:hexhex
so for example if my serial number of the SSL certificate in hexadecimal is
0123456709AB
the output should be
01:23:45:67:09:AB
For preference I'd like to acomplish this using openssl with the x509 option using one single line UNIX command
Best Answer
Try:
openssl x509 -noout -serial -in cert.pem
will output the serial number of the certificate, but in the formatserial=0123456709AB
.It is therefore piped to
cut -d'=' -f2
which splits the output on the equal sign and outputs the second part -0123456709AB
.That is sent to
sed
. The first part of thesed
commands/../&:/g
splits the string every two characters (..
) and inserts a colon (:
). This results in01:23:45:67:89:AB:
(note the colon on the end).The second part of the
sed
command (s/:$//
) searches for a colon at the end of the output and replaces it with an empty string, resulting in the desired output.Or for a
openssl
andsed
only answer:The addition of
s/.*=//g
at the start of thesed
command replaces thecut
in the first version.