Given a .cer file generated by my CA, I need to get CA Root and Intermediate certificates. I know it can be done in Ms Windows and an Internet browser but would like to get them using openssl if possible. All articles I checked on the Internet was done starting connecting to an webserver/URL, but what if I have my certificate file locally? Any ideas?
Thank you.
A .cer file is normally a DER formatted x509 certificate. A single certificate. It does not contain the Intermediate certificate(s) or the Root certificate.
You will need to download both of these from the CA site.
You should be able to dump to contents of the certificate with openssl x509 command.
e.g.
openssl x509 -in file.cer -inform der -noout -text
You will see a lot of output. What you really care about is the issuer line which will look something like:
Issuer: C = xx, O = yyy, CN = zzz
The 'O' part will tell you what company issued the certificate and the 'CN' will tell you what "signed" your certificate. To figure out the exact intermediate and root certificates you need, you need to google the exact CN name.
A example CN may be "thawte DV SSL CA - G2", you can google for "thawte DV SSL CA - G2" (with the quotes to search for a exact search match).
This should lead you to this CA download page: https://knowledge.digicert.com/solution/SO26817.html
This would allow you to download the "correct" Intermediate certificate(s) or the Root certificate for the issuer CN.