Is there a possibility, via an openssl command or via an Ansible module, to extract only the root and intermediate certs from a fullchain file which includes the server, intermediate and root certificates? E.g.:
fullchain.crt:
-----BEGIN CERTIFICATE-----
.
.
SERVER CRT
.
.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.
.
INTERMEDIATE CERT
.
.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.
.
ROOT CERT
.
.
-----END CERTIFICATE-----
What I want is to extract from the fullchain only the root and intermediate certs into another file.
There are several ways to do that:
openssl crl2pkcs7 -nocrl -certfile fullchain.crt | openssl pkcs7 -print_certs -noout
Something like the aforementioned would be possible to give you what you're looking for, as it will generate the subject and issuer.
awk '/-----BEGIN CERTIFICATE-----/{n++} n>=2' fullchain.crt > root_intermediate.crt
- name: Extract Root and Intermediate Certificates
  ansible.builtin.shell:
    # Count BEGIN lines and print from the second certificate onward,
    # which drops the server certificate at the top of the file.
    cmd: >
      awk '/-----BEGIN CERTIFICATE-----/{n++} n>=2' {{ fullchain_path }} > {{ output_path }}
  args:
    executable: /bin/bash
  register: shell_output
Basically, this is the AWK method using shell.
I vote for either the 1st or the 2nd; as for Ansible, I'd rather avoid the use of ansible.builtin.shell as much as I possibly can, as recommended by best practices.
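
A stricter variant of the awk approach, as an added example that is not part of the original answer: it keeps only complete PEM certificate blocks, skips the first one, and writes nothing when the file has fewer than two certificates or a malformed block. It assumes, as in the question's file, that the server certificate comes first; the function names `split_chain` and `show_chain` are made up for this example.

```shell
#!/bin/sh
# Added example. split_chain and show_chain are hypothetical helper names.

# split_chain FULLCHAIN OUT
# Copies every certificate except the first (assumed to be the server
# certificate) from FULLCHAIN to OUT. Returns non-zero and leaves OUT
# untouched if the input is unreadable, malformed, or has < 2 certificates.
split_chain() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    chain=$(awk '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inside) bad = 1                   # BEGIN inside an open block
            inside = 1; n++
        }
        inside && n >= 2 { print }                # drops text between blocks too
        /^-----END CERTIFICATE-----$/ {
            if (!inside) bad = 1                  # END without a BEGIN
            inside = 0
        }
        END {
            if (inside || bad) exit 3             # unterminated or nested block
            if (n < 2) exit 4                     # nothing besides the leaf
        }
    ' "$src") || return
    # Only reached when awk accepted the whole file.
    printf '%s\n' "$chain" > "$dst"
}

# show_chain FILE
# Prints subject and issuer of each certificate in FILE, using the openssl
# pipeline from the answer above, so the result can be checked by eye.
show_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout
}
```

Typical use is `split_chain fullchain.crt root_intermediate.crt && show_chain root_intermediate.crt`; the split is purely positional, so the subject/issuer listing is what confirms the leaf is really gone.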