Unlike Microsoft Windows, which provides the Trusted Root Certification Authorities Certificate Store, Redhat and CentOS distributions do not provide a “straight forward” way in which to quickly check if a Certificate Authority is included into the Certificate Authority Bundle (CA Bundle).
During a recent project engagement I came across a simple CLI command which can be used to parse the CA bundle and list all of the CA’s included:
[m@srv /home/user]# awk -v cmd='openssl x509 -noout -subject' '
/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crtAlternatively the same command can be ran, piped through grep to identify a specific CA, for example “Entrust” –
[m@srv /home/user]# awk -v cmd='openssl x509 -noout -subject' '
/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt | grep EntrustWhilst not complicated, this simple syntax saves a substantial amount of time manually searching CA bundles with a text editor.