On Fri, Apr 09, 2004 at 06:09:58AM -0400, James Ralston wrote:
> Has anyone figured out a way to extract the root CA certs from Mozilla
> into individually PEM-encoded certs?
We were looking into this a while back, to see whether we could include
the Mozilla root CA bundle in the OpenSSL package... it wasn't clear
whether we could because of the licensing. (certdata.txt is licensed
under the MPL)
Debian have a "ca-certificates" package, the source of which includes a
Ruby script which converts Mozilla's certdata.txt into a set of PEM
files (attached).
Regards,
joe
#!/usr/bin/ruby
while line = $stdin.gets
next if line =~ /^#/
next if line =~ /^\s*$/
line.chomp!
if line =~ /CKA_LABEL/
label,type,val = line.split(' ',3)
val.sub!(/^"/, "")
val.sub!(/"$/, "")
fname = val.gsub(/\//,"_").gsub(/\s+/, "_").gsub(/[()]/, "=").gsub(/,/, "_") + ".crt"
next
end
if line =~ /CKA_VALUE MULTILINE_OCTAL/
data=''
while line = $stdin.gets
break if /^END/
line.chomp!
line.gsub(/\\([0-3][0-7][0-7])/) { data += $1.oct.chr }
end
open(fname, "w") do |fp|
fp.puts "-----BEGIN CERTIFICATE-----"
fp.puts [data].pack("m*")
fp.puts "-----END CERTIFICATE-----"
end
puts "Created #{fname}"
end
end
# system("c_rehash", ".")
