CLI Usage Documentation

The cert_chain_resolver command-line interface (CLI) allows you to resolve and obtain the certificate chain for a given x509 certificate directly from the command line. This tool outputs the full certificate bundle to stdout, allowing you to redirect it to a file or another process.

Getting Started

The CLI tool is straightforward to use with either direct file input or piped input from another command.

Examples

Using a File

To resolve the certificate chain for a certificate file and save the output to a file:

$ cert_chain_resolver certificate.crt > bundle.crt

This command reads the certificate from certificate.crt, resolves the full certificate chain, and writes the resulting PEM-encoded certificates to bundle.crt.

Using Standard Input (stdin)

If you prefer to pipe the certificate data into the tool, you can use the following command:

$ cat certificate.crt | cert_chain_resolver > bundle.crt

This usage is particularly useful in scripting and pipeline scenarios where the certificate content might be the output from another command rather than a static file.

Options

The cert_chain_resolver CLI supports several options to customize its behavior:

  • -i, --info: Print detailed information about each certificate in the chain.

  • --include-root: Include the root certificate in the output if it is available in the chain.

  • --ca-bundle-path CA_BUNDLE_PATH: Use your own CA bundle as the root certificate store for completing the chain. By default this tries to pick your system CA bundle.

Each option can be combined to tailor the output to your specific needs.

Examples with Options

  1. Output Detailed Information:

    $ cert_chain_resolver -i certificate.crt > bundle.crt

    This command will not only resolve the certificate chain but also print detailed information about each certificate, such as the common name, issuer, and subject details.

  2. Include Root Certificate:

    $ cert_chain_resolver --include-root certificate.crt > bundle_with_root.crt

    If the root certificate is available, it will be included in the output file.

  3. Use System CA Store:

    $ cert_chain_resolver --include-root --ca-bundle-path /path/to/own/bundle.pem certificate.crt > bundle.crt