I also had this problem several years back but did not find the nifty
though counter-intuitive workaround using cr2pkcs7 given below.
Since then I've been using a Perl script like this:
> #!/usr/bin/perl
> $/ = '-----END CERTIFICATE-----';
> while(<>) {
> if(m|$/|s) {
> print STDERR "########## $ARGV ##########\n";
> system "echo '$_' | openssl x509 -noout -text";
> }
> }
which unfortunately does not work with "TRUSTED CERTIFICATE".
I think the x509 command should be extended to print all certs.
David
On 7 April 2021 04:58:38 CEST, Nan Xiao <xiaonan830818@xxxxxxxxx> wrote:
> Hi Viktor,
>
> > By "a file" you clearly mean a "PEM file" with one or more certificates
> exclosed in "-----BEGIN ...".."-----END ..." delimiters.
>
> Yes, this is what I mean.
>
> > openssl crl2pkcs7 -nocrl -certfile somefile.pem |
> opessl pkcs7 -print_certs -text
>
> Works like a charm! Thanks very much for your time and quick response!
>
> Best Regards
> Nan Xiao
>
> On Wed, Apr 7, 2021 at 10:46 AM Viktor Dukhovni
> <openssl-users@xxxxxxxxxxxx> wrote:
> >
> > On Wed, Apr 07, 2021 at 10:14:42AM +0800, Nan Xiao wrote:
> >
> > > Greetings from me! By default openssl-x509 can only dump one
> > > certificate from the file:
> >
> > By "a file" you clearly mean a "PEM file" with one or more certificates
> > exclosed in "-----BEGIN ...".."-----END ..." delimiters. With that
> > proviso, the command in question is:
> >
> > openssl crl2pkcs7 -nocrl -certfile somefile.pem |
> > opessl pkcs7 -print_certs -text
> >
> > The output format can be tweaked slightly, though not quite as much as
> > will "openssl x509". See the pkcs7(1) manpage for details.
> >
> > --
> > Viktor.
>
