Re: extract root CA certs from Mozilla?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 09, 2004 at 06:09:58AM -0400, James Ralston wrote:
> Has anyone figured out a way to extract the root CA certs from Mozilla
> into individually PEM-encoded certs?

We were looking into this a while back, to see whether we could include
the Mozilla root CA bundle in the OpenSSL package... it wasn't clear
whether we could because of the licensing. (certdata.txt is licensed
under the MPL)

Debian have a "ca-certificates" package, the source of which includes a
Ruby script which converts Mozilla's certdata.txt into a set of PEM
files (attached).

Regards,

joe
#!/usr/bin/ruby

while line = $stdin.gets
  next if line =~ /^#/
  next if line =~ /^\s*$/
  line.chomp!
  if line =~ /CKA_LABEL/
    label,type,val = line.split(' ',3)
    val.sub!(/^"/, "")
    val.sub!(/"$/, "")
    fname = val.gsub(/\//,"_").gsub(/\s+/, "_").gsub(/[()]/, "=").gsub(/,/, "_") + ".crt"
    next
  end
  if line =~ /CKA_VALUE MULTILINE_OCTAL/
    data=''
    while line = $stdin.gets
      break if /^END/
      line.chomp!
      line.gsub(/\\([0-3][0-7][0-7])/) { data += $1.oct.chr }
    end
    open(fname, "w") do |fp|
      fp.puts "-----BEGIN CERTIFICATE-----"
      fp.puts [data].pack("m*")
      fp.puts "-----END CERTIFICATE-----"
    end
    puts "Created #{fname}"
  end
end
# system("c_rehash", ".")

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux