Splitting an X509 PEM-Encoded Certificate Bundle into Multiple Files

Today I was wanting to break out a large certificate bundle, containing many X509 PEM-encoded certs, into separate files. While I was thinking about scripting it myself, I realised surely someone has done this before? It's a pretty standard thing for sysadmins to have done before, so resorted to searching online.

Lo and behold, I found two great solutions via How to split a PEM file on Server Fault:

Using the split command, which I've not tried before:

split -p "-----BEGIN CERTIFICATE-----" collection.pem individual-

Or using trusty awk:

awk '
  split_after == 1 {n++;split_after=0}
  /-----END CERTIFICATE-----/ {split_after=1}
  {print > "cert" n ".pem"}' < $file

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.


This post was filed under articles.

Related Posts

Other posts you may be interested in:

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.