Splitting an X509 PEM-Encoded Certificate Bundle into Multiple Files

Today I was wanting to break out a large certificate bundle, containing many X509 PEM-encoded certs, into separate files. While I was thinking about scripting it myself, I realised surely someone has done this before? It's a pretty standard thing for sysadmins to have done before, so resorted to searching online.

Lo and behold, I found two great solutions via How to split a PEM file on Server Fault:

Using the split command, which I've not tried before:

split -p "-----BEGIN CERTIFICATE-----" collection.pem individual-

Or using trusty awk:

awk '
  split_after == 1 {n++;split_after=0}
  /-----END CERTIFICATE-----/ {split_after=1}
  {print > "cert" n ".pem"}' < $file

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #command-line #certificates.

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.