#!/usr/bin/env perluse strict;use warnings;use Data::Dumper;my $host = $AR

1. #!/usr/bin/env perl
2.  
3. use strict;
4. use warnings;
5. use Data::Dumper;
6.  
7. my $host = $ARGV[0];
8. my $port = $ARGV[1] || 443;
9. my $export_file = $ARGV[2] || "/etc/pki/trust/anchors/$host.pem";
10.  
11. die "You must be root to run this script\n" if ($>);
12. die "No host given\nUsage: $0 <host> [port] [export_file]\n" if not $host;
13.  
14. my @out = `echo Q|openssl s_client -showcerts -connect $host:$port`;
15.  
16. my $cnt = 0;
17. my $in = 0;
18. my @certs;
19. foreach my $line (@out) {
20. $in =1 if ($line eq "-----BEGIN CERTIFICATE-----\n") {
21. $certs[$cnt] .= $line if ($in);
22. if ($line eq "-----END CERTIFICATE-----\n") {
23. $in=0;
24. $cnt++;
25. }
26. }
27.  
28. open(my $fh, '>', $export_file);
29. print $fh $_ for @certs;
30. close $fh;
31. system("update-ca-certificates");
32. exit 0;