Hi, If I need to script some management of text files with PEM content, are there already some tools that exist that do this safely? e.g. somecert.pem that might contain -----BEGIN CERTIFICATE----- blah blah -----END CERTIFICATE----- -----BEGIN DH PARAMETERS----- more blah -----END DH PARAMETERS----- What I would like is a utility that can read that file, remove the DH parameters, write new file, validate new file is valid PEM contents, and give exit status 0 on success. Could be done with standard scripting methods but I'm guessing a perl or python tool already exists that won't have me hitting myself when I make a stupid scripting mistake. Google and Bing lately though seem to be getting harder and harder for me to use to find that kind of stuff. Suggestions?
cat ${CERT} |sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH
PARAMETERS-----$/d' > ${TMPFILE}
(one line) seems to work every time as long as it is well formed.
On 09/09/2015 05:12 AM, Alice Wonder wrote:> Hi,
>
> If I need to script some management of text files with PEM content, are
> there already some tools that exist that do this safely?
>
> e.g.
>
> somecert.pem that might contain
>
> -----BEGIN CERTIFICATE-----
> blah blah
> -----END CERTIFICATE-----
> -----BEGIN DH PARAMETERS-----
> more blah
> -----END DH PARAMETERS-----
>
> What I would like is a utility that can read that file, remove the DH
> parameters, write new file, validate new file is valid PEM contents, and
> give exit status 0 on success.
>
> Could be done with standard scripting methods but I'm guessing a perl
or
> python tool already exists that won't have me hitting myself when I
make
> a stupid scripting mistake.
>
> Google and Bing lately though seem to be getting harder and harder for
> me to use to find that kind of stuff.
>
> Suggestions?
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
On 09/09/2015 05:12 AM, Alice Wonder wrote:> If I need to script some management of text files with PEM content, > are there already some tools that exist that do this safely?"openssl" provides commands that should be able to process the PEM components in-place. For instance, if you want to extract the certificate, only, from a PEM file, you can: openssl x509 -in somecert.pem -out cert-only.pem ...and for the private key: openssl rsa -in somecert.pem -out key-only.pem