Note : This is not really a question because I already found the answer but since I didn't find it easily here I will post it so that it can benefit others.
Question : How to read a concatenated PEM file as the one used by apache/mod_ssl directive SSLCACertificateFile ?
Answer (original) (source) :
cat $file|awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "cert" n ".pem"}'
This can leave an empty file if there's a blank line at the end, such as with openssl pkcs7 -outform PEM -in my-chain-file -print_certs
. To prevent that, check the length of the line before printing:
cat $file|awk 'split_after==1{n++;split_after=0}
/-----END CERTIFICATE-----/ {split_after=1}
{if(length($0) > 0) print > "cert" n ".pem"}'
Answer 29/03/2016 :
Following @slugchewer answer, csplit
might be a clearer option with :
csplit -f cert- $file '/-----BEGIN CERTIFICATE-----/' '{*}'
Best Answer
The awk snippet works for extracting the different parts, but you still need to know which section is the key / cert / chain. I needed to extract a specific section, and found this on the OpenSSL mailinglist: http://openssl.6102.n7.nabble.com/Convert-pem-to-crt-and-key-files-tp47681p47697.html