Download CA from Tonies Server

[SciLor]

Use teddyCloud to download the Boxine CA. Users may lose it, if they don't backup properly.

Following bash does the same:

#!/bin/bash
openssl s_client -showcerts -verify 5 -connect prod.de.tbs.toys:443 < /dev/null |
    awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/{ if(/BEGIN CERTIFICATE/){a++}; out="cert"a".pem"; print >out}'
for cert in *.pem; do 
    newname=$(openssl x509 -noout -subject -in $cert | sed -nE 's/.*CN ?= ?(.*)/\1/; s/[ ,.*]/_/g; s/__/_/g; s/_-_/-/; s/^_//g;p' | tr '[:upper:]' '[:lower:]').pem
    if [[ "${newname}" == "boxine_ca.pem" ]]; then
        openssl x509 -in "${cert}" -out ca.der -outform DER
    fi
    rm ${cert}
done

[marco79cgn]

Or as a one-liner:

echo "" | openssl s_client -host prod.de.tbs.toys -port 443 -showcerts | awk '/BEGIN CERTIFICATE/ {p=1} ; p==1; /END CERTIFICATE/ {p=0}' | awk '$0=="-----BEGIN CERTIFICATE-----" {n++} n>2' | openssl x509 -outform der -out ca.der

But saving the whole chain and looking for the CA name is probably safer.