1

I have got a bunch of self-signed TLS certificates generated with OpenSSL. I need to concatenate them into a single file and distribute them across different Linux hosts used in a gluster cluster.

Naturally I might need to add or remove machines from the cluster, and it will be difficult to identify machines to add or remove if there are no comments and just encryption keys!

So far the file looks like:

-----BEGIN CERTIFICATE-----
MIIDhjCCAm6gAwIBAgIJAP8jOmCKigfgMA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV
BAYTAlVLMRMwEQYDVQQIDApTb21l....etc..etc
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIUZtviXBiz6YFUWHDrhMkmG0SnoDgwDQYJKoZIhvcNAQEL
BQAwgY0xCzAJBgNVBAYTAlVLMRAwDgYDVQ....etc..etc
-----END CERTIFICATE-----

I'm looking for a safe way to stick an ignored comment before all the entries:

-----BEGIN CERTIFICATE-----

Is there a universal syntax for adding comments to certificate files?

Thanks!

jww
AlexH
  • *"Is there a universal syntax for adding comments to certificate files?"* - No. It is dependent on the particular parser being used. For OpenSSL, comments are supported in PEM files. And if you want to add a comment to an X.509 certificate, then there is a `ns-comment` field. Its OID is `2.16.840.1.113730.1.13`. – jww Dec 18 '19 at 13:23
  • great, it's working now, thanks a lot! – AlexH Dec 18 '19 at 13:39

1 Answer

0

It looks like things should be ignored automatically when it's parsed by OpenSSL - Comments in a pem file. I'll give it a go!

AlexH
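An annotated master bundle of the kind asked about, handled in Python as an added example (not code from the question or from OpenSSL): text outside the BEGIN/END markers is read as a per-host comment, a comment inside a block is rejected, and a comment-free copy can be produced for parsers that do not skip such text. The hostnames and certificate bodies are constructed placeholders, and the function names are hypothetical.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def parse_bundle(text):
    """Return [(comment, pem_block)], treating text outside BEGIN/END as comments."""
    entries, notes, body, inside = [], [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == BEGIN:
            if inside:
                raise ValueError(f"line {lineno}: nested BEGIN")
            inside, body = True, []
        elif line == END:
            if not inside:
                raise ValueError(f"line {lineno}: END without BEGIN")
            try:  # a comment placed inside a block fails here
                base64.b64decode("".join(body), validate=True)
            except binascii.Error as exc:
                raise ValueError(f"line {lineno}: bad base64 in block") from exc
            entries.append((" ".join(notes), "\n".join([BEGIN, *body, END])))
            inside, notes = False, []
        elif inside:
            body.append(line)
        elif line:
            notes.append(line.lstrip("# "))
    if inside:
        raise ValueError("unterminated certificate block")
    return entries

def strip_comments(text):
    """Comment-free bundle for parsers that do not skip explanatory text."""
    return "\n".join(block for _, block in parse_bundle(text)) + "\n"

def remove_host(text, host):
    """Drop the entry whose comment names `host`, keeping the other comments."""
    kept = [(c, b) for c, b in parse_bundle(text) if host not in c.split()]
    return "".join(f"# {c}\n{b}\n" for c, b in kept)

def make_block(payload):
    # Constructed placeholder body: base64 of dummy bytes, not a real certificate.
    return f"{BEGIN}\n{base64.b64encode(payload).decode()}\n{END}"

# Constructed sample bundle with assumed hostnames as comments.
SAMPLE = f"# gluster-node1\n{make_block(b'dummy-cert-one')}\n# gluster-node2\n{make_block(b'dummy-cert-two')}\n"
```

Keeping the annotated file as the master copy and distributing the output of `strip_comments` avoids depending on how each consumer's PEM parser treats the extra text.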