Hakky54 / certificate-ripper

🔐 A CLI tool to extract server certificates
Apache License 2.0
714 stars, 66 forks

SSL Certificate Bundle Splitting Functionality #18

Closed x80486 closed 10 months ago

x80486 commented 11 months ago

Description

I would like to see if a new functionality could be added. Currently, there is a "missing feature" that I believe could enhance further the usability of the tool. The suggested feature is the ability to split a given SSL certificate bundle into its individual certificates.

Consider a scenario where an SSL certificate bundle is obtained, and there is a need to extract individual certificates from it. I know there is no "ripping" here, but this could be useful in situations where specific certificates need to be deployed to different services or systems.

Describe the Solution You Would Like

For the tool to accept an SSL bundle and split it accordingly.

Something like crip split --location /path/to/ssl/bundle.crt

Describe Alternatives You Have Considered

The usual hack, that never works correctly when copied from any answer, of using openssl and a combination of several other commands with /dev/null — and what not.

Of course, I've also tried crip export pem --url /path/to/bundle.crt but it fails with java.net.MalformedURLException: no protocol :rofl: — and even further with file:/path/to/bundle.crt, to provide a protocol, but this time it doesn't find anything :grimacing:

Additional Context

N/A

Hakky54 commented 11 months ago

Seems like a nice idea. Although it is indeed not really part of the core functionality as ripping from a server, but might be a nice addition.

stale[bot] commented 10 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Hakky54 commented 10 months ago

@x80486 It took some time to think over this feature request and I think it is a nice feature. It would indeed be nice to split certificates into separate files. It can even be more advanced like merging multiple in a single file. Supporting different files next to pem, such as der, p12 and jks. It is possible to add that kind of option, however Certificate ripper is designed to just extract server certificates and that's it. I prefer to keep it as simple as possible and as close as possible to the main role of the application itself. So I prefer to have this in a separate application which can do this kind of manipulation, which I will probably be working on. Thank you for your suggestion, I like the idea and I understand that these kinds of operations can be annoying to do in openssl.

By the way, have you tried KeyStore Explorer? You can just drag a file and export it into separate files. It is really convenient to use.

x80486 commented 10 months ago

I understand. Like you said, it could be better to have this in a different application. Another avenue could be two releases from the same application, but it certainly complicates the release process, etc.

Anyway, if you end up doing something with the functionality, please make a reference here.

Thanks again! :wave:
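The bundle splitting requested in this issue, as an added example that is not part of the thread and not certificate-ripper code: a standard-library Python splitter that tolerates comments, `subject=` lines and CRLF between PEM blocks, drops repeated entries by SHA-256 fingerprint, and rejects truncated blocks. The names `split_bundle` and `to_pem` are hypothetical, the sample bytes are constructed placeholders rather than real certificates, and only the PEM/DER framing is checked, not the X.509 contents.

```python
import base64
import binascii
import hashlib
import re

# One PEM certificate block; text between blocks (comments, "subject="
# lines, blank lines) is skipped by finditer.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def to_pem(der):
    """Encode DER bytes as a PEM certificate block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])


def split_bundle(bundle_text):
    """Return [(sha256_hex, pem_text)] for each unique block, in bundle order."""
    seen, result = set(), []
    for index, match in enumerate(PEM_CERT.finditer(bundle_text), start=1):
        body = "".join(match.group(1).split())  # drop LF, CRLF and indentation
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            # Also catches a missing END marker: the next BEGIN lands in the body.
            raise ValueError(f"block {index}: invalid base64") from exc
        # Framing check only (no X.509 parsing): DER certificates start with 0x30.
        if not der.startswith(b"\x30"):
            raise ValueError(f"block {index}: not a DER SEQUENCE")
        digest = hashlib.sha256(der).hexdigest()
        if digest not in seen:  # skip repeated entries
            seen.add(digest)
            result.append((digest, to_pem(der)))
    return result


# Constructed sample: placeholder DER blobs, NOT real X.509 certificates.
LEAF, INTERMEDIATE = b"\x30\x03\x02\x01\x01", b"\x30\x03\x02\x01\x02"
SAMPLE_BUNDLE = (
    "# leaf\n" + to_pem(LEAF).replace("\n", "\r\n")
    + "subject=CN=example intermediate\n" + to_pem(INTERMEDIATE) + to_pem(INTERMEDIATE)
)
```

Each returned PEM string can be written to its own file; using the fingerprint in the file name makes it easy to compare a split certificate against the one a server actually presents.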