How to extract an issuer certificate from another certificate

Question

How to extract an issuer certificate from another certificate

I have a certificate in X.509 format. Using openssl, I want to extract the issuer certificate to a file, also in X.509 format (so that I can whitelist the issuer with my web service).

How can I do it? The next team did not work, it only printed the issuer's information in text form.

openssl x509 -in cert.x509 -issuer -out issuer.x509

+7

openssl

wberry Nov 20 '13 at 16:12

source share

1 answer

wberry · Accepted Answer · 2013-11-20T17:05:00+0000

openssl x509 -in cert.x509 -text Find the URL of the signing certificate.
curl (url) >signer.der Download the signature certificate to a file (DER format in my case).
openssl x509 -inform der -in signer.der -out signer.pem Converts a signature certificate into PEM format (X.509).
openssl x509 -in signer.pem -text Confirm your results. Repeat the process as necessary throughout the certificate chain.

How to extract an issuer certificate from another certificate

More articles: