{"id":17876271,"url":"https://github.com/tehmaze/sortpem","last_synced_at":"2025-03-22T01:30:53.786Z","repository":{"id":57517038,"uuid":"159659405","full_name":"tehmaze/sortpem","owner":"tehmaze","description":":loop: Sorting utility for PEM files","archived":false,"fork":false,"pushed_at":"2018-12-04T16:26:28.000Z","size":457,"stargazers_count":13,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-18T06:51:29.045Z","etag":null,"topics":["certificate","key","pem","private-key","shell","shell-scripting","sort","ssl","tls","unix"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tehmaze.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-29T11:58:59.000Z","updated_at":"2023-10-22T08:14:15.000Z","dependencies_parsed_at":"2022-09-12T23:22:09.796Z","dependency_job_id":null,"html_url":"https://github.com/tehmaze/sortpem","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tehmaze%2Fsortpem","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tehmaze%2Fsortpem/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tehmaze%2Fsortpem/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tehmaze%2Fsortpem/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tehmaze","download_url":"https://codeload.github.com/tehmaze/sortpem/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244893361,"owners_count":20527581,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","key","pem","private-key","shell","shell-scripting","sort","ssl","tls","unix"],"created_at":"2024-10-28T11:29:38.138Z","updated_at":"2025-03-22T01:30:53.317Z","avatar_url":"https://github.com/tehmaze.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SortPEM [![GoDoc](https://godoc.org/gopkg.in/tehmaze/sortpem.v1?status.svg)](https://godoc.org/gopkg.in/tehmaze/sortpem.v1)\n\nSorting utility for PEM files. Failing to remember what order to put the\ncertificate and its intermediates in? And what intermediate should we include?\nWonder no longer, and let `sortpem` resolve the chain for you.\n\nIt is assumed your system receives software updates, and it has a recent copy\nof the trusted certificate bundle for your operating system. `sortpem` does\nnot provide root certificates; there are many sources out there that can\nprovide you that information. \n\nIf you wish to use a custom trusted roots bundle (in PEM format), you can pass\nthe `-ca \u003cfile\u003e` flag to `sortpem`.\n\n[API]: https://godoc.org/github.com/tehmaze/sortpem\n\n## Options\n\nMost of the flags are compatible with the `sort(1)` utility:\n\n```\n-D    Enable debug logging\n-a    Output all blocks, not only the ones matching -t\n-c    Count blocks\n-ca string\n      CA file\n-d    Dump text output of decoded PEM block\n-o string\n      Print the output to a file in stead of standard output\n-p string\n      Preset (use \"list\" for an overview)\n-r    Reverse sort\n-root\n      Include root certificate\n-s    Stable sort\n-t value\n      Type of block order and filter (regular expression(s))\n-u    Unique blocks\n```\n\n## Presets\n\nThere are presets available that sets a combination of default options based\non the chose preset:\n\n```\ncerts    -t \"^CERTIFICATE$\" -R\nkeys     -t \"PRIVATE KEY$\"\nnginx    -t \"^CERTIFICATE$\" -t \"PRIVATE KEY$\"\nhaproxy  -t \"^CERTIFICATE$\" -t \"PRIVATE KEY$\" -R\n```\n\n## Example\n\nSort a PEM bundle, CERTIFICATEs first, then any PRIVATE KEY:\n\n```console\nuser@host:~$ ls -1 testdata/*.crt testdata/endpoint.key\ntestdata/endpoint.crt\ntestdata/endpoint.key \ntestdata/intermediate.crt \ntestdata/issuer.crt \ntestdata/root.crt\n\n# We have a self-signed root:\nuser@host:~$ openssl x509 -in testdata/root.crt -noout -subject -issuer\nsubject= /CN=Test Root\nissuer= /CN=Test Root\n\n# By default, the root certificate is omitted (enabled -d which decodes blocks):\nuser@host:~$ cat testdata/*.crt testdata/endpoint.key | sortpem -d | grep Subject:\n  Subject:    CN=endpoint.example.org,L=IL\n  Subject:    CN=Test Intermediate\n  Subject:    CN=Test Issuer\n\n# We can include it, with -root:\nuser@host:~$ cat testdata/*.crt testdata/endpoint.key | sortpem -root -d | grep Subject:\n  Subject:    CN=endpoint.example.org,L=IL\n  Subject:    CN=Test Intermediate\n  Subject:    CN=Test Issuer\n  Subject:    CN=Test Root\n\n# The private key is in there too, by the way:\nuser@host:~$ cat testdata/*.crt testdata/endpoint.key | sortpem -root | grep 'BEGIN '\n-----BEGIN CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n-----BEGIN RSA PRIVATE KEY-----\n\n# Download a public certificate:\nuser@host:~$ echo \"\" | openssl s_client -connect google.com:443 -showcerts \u003e testdata/google.com.crt\ndepth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3\nverify error:num=20:unable to get local issuer certificate\nverify return:0\nDONE\n\n# It sent us 2 certificates:\nuser@host:~$ grep -c 'BEGIN CERTIFICATE' testdata/google.com.crt\n2\n\n# Inspect them:\nuser@host:~$ sortpem -d testdata/google.com.crt | grep Subject:\n  Subject:    CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US\n  Subject:    CN=Google Internet Authority G3,O=Google Trust Services,C=US\n\n# Get the full chain, including root:\nuser@host:~$ sortpem -root -d testdata/google.com.crt | grep Subject:\n  Subject:    CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US\n  Subject:    CN=Google Internet Authority G3,O=Google Trust Services,C=US\n  Subject:    CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftehmaze%2Fsortpem","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftehmaze%2Fsortpem","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftehmaze%2Fsortpem/lists"}