SSL 证书可以在文件中的一行中吗（没有换行符）？

Question

默认情况下，SSL 证书在 67 个字符后有换行符。我正在尝试使用 Chef 创建 SSL 证书文件。本质上，我想从没有任何换行符的字符串变量中创建整个证书文件。我已经尝试了几次都无济于事（Apache 抱怨无法找到证书）。

我不明白为什么需要在 SSL 证书中换行。如果可以在文件中没有任何换行符的情况下获得证书，有什么想法吗？

Answer 1

不，如果没有换行符，证书将无法正确处理 - 软件将无法解析它。

如果您尝试将其传递到字符串中，为什么不将它们包含在其中呢？( \n)

Answer 2

我发现这个脚本很少这样做。

awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}'  ca.pem

这将采用多行的标准 PEM 文件，用 替换“隐藏的”换行符\n，并将输出打印为单行。

例如，这将使以下 PEM 文件...

-----BEGIN CERTIFICATE-----
MIIIPDCCBySgAwIBAgIQB2XGTnTlkdaAOcoqhHVj8DANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xODEwMDUwMDAwMDBaFw0xOTA4MTQxMjAwMDBa
MGoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsx
HTAbBgNVBAoTFFN0YWNrIEV4Y2hhbmdlLCBJbmMuMRwwGgYDVQQDDBMqLnN0YWNr
ZXhjaGFuZ2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Kk6
NXUP1ocXt89mT1cIxadBhzCL0YTqP01/DSotUHRzV70qOCT7AdMT0K1Ji6rFyapz
RiqUIhAkhEseXRp0MNr21fSUw4VoCb+ImO6gnIlzolkhrpK6Iy34KyU3zyt8XYD+
mY3i8GjPZOysRJNLy3ouQBmzuOmU/2FomnmiEGF02mVgb3ev8Prcnt7dCiF7liBI
sd3zkPeXvTVYcVcb/MBrFEzc4FuIuphTiJboNz8wHv9+PXAXUUH8TESrUfFPCKJH
wd9EAoNX8jPU1TIxiCoe6XN5E1mPyGgyvEnacH/HerK/eLc46L7YWVGRyjHWaaTK
0rJhKgkh59qsWBdn5wIDAQABo4IE1jCCBNIwHwYDVR0jBBgwFoAUUWj/kK8CB3U8
zNllZGKiErhZcjswHQYDVR0OBBYEFJqKwW7B8k362XsC1I+zA6xqPcZYMIIB/AYD
VR0RBIIB8zCCAe+CEyouc3RhY2tleGNoYW5nZS5jb22CEXN0YWNrZXhjaGFuZ2Uu
Y29tghFzdGFja292ZXJmbG93LmNvbYITKi5zdGFja292ZXJmbG93LmNvbYINc3Rh
Y2thdXRoLmNvbYILc3N0YXRpYy5uZXSCDSouc3N0YXRpYy5uZXSCD3NlcnZlcmZh
dWx0LmNvbYIRKi5zZXJ2ZXJmYXVsdC5jb22CDXN1cGVydXNlci5jb22CDyouc3Vw
ZXJ1c2VyLmNvbYINc3RhY2thcHBzLmNvbYIUb3BlbmlkLnN0YWNrYXV0aC5jb22C
GCoubWV0YS5zdGFja2V4Y2hhbmdlLmNvbYIWbWV0YS5zdGFja2V4Y2hhbmdlLmNv
bYIQbWF0aG92ZXJmbG93Lm5ldIISKi5tYXRob3ZlcmZsb3cubmV0gg1hc2t1YnVu
dHUuY29tgg8qLmFza3VidW50dS5jb22CEXN0YWNrc25pcHBldHMubmV0ghIqLmJs
b2dvdmVyZmxvdy5jb22CEGJsb2dvdmVyZmxvdy5jb22CGCoubWV0YS5zdGFja292
ZXJmbG93LmNvbYIVKi5zdGFja292ZXJmbG93LmVtYWlsghNzdGFja292ZXJmbG93
LmVtYWlsghJzdGFja292ZXJmbG93LmJsb2cwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRw
Oi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAw
hi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3Js
MEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUw
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcw
AoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hB
c3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAQYGCisGAQQB1nkC
BAIEgfcEgfQA8gB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAAB
ZkIJ+SMAAAQDAEgwRgIhAPCadxv47cB4QOOvN9s/R23EepEbSI4/MuAdf5vKeU79
AiEA2gZ3O8nzuUVanRW9fg6mgfsL08Nn/ZGm73O/F3IGX2UAdwCHdb/nWXz4jEOZ
X73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWZCCfoGAAAEAwBIMEYCIQDQjfmVBq+/
y2gBK/eE9x6jz9hTZ5tIfhkStS85fMAxegIhAMAuNkyuO4t06EiEgMWialJZuAnk
Qw29GceIBG8r1Ap3MA0GCSqGSIb3DQEBCwUAA4IBAQAAk873/+2QswKfJSQn+iZe
Zc8uiGg99pmd008E2cmGErqNzPclK9INbPjwxl9zIgTcXpF/UtBVVS1Z7Xo83qfs
GMPdMzYt3F+hQpQYLhlGF+5Jf2x6Zb1zjT/aM3GMdGi+6OPV+YHl/wgUe45N6kRu
DZnVL167+W3l2nD+mShO/7xqwHiZuz0GHyBHRp5i43blH0vg67sJ8guN81papupY
2v78FcvR8j0ELfgyehtWpjF3vzKSq/rY2sMXTYzSPqMeksseHNhSMYU6Ww9h9pyM
aVnw9vahqf7nKHHcC2VRTUgkQfn9yDmmBOo0nQ8Xgfpd65/PaxVfBnuKfEkXBfpM
-----END CERTIFICATE-----

看起来像这个输出...

-----BEGIN CERTIFICATE-----\nMIIIPDCCBySgAwIBAgIQB2XGTnTlkdaAOcoqhHVj8DANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0xODEwMDUwMDAwMDBaFw0xOTA4MTQxMjAwMDBa\nMGoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsx\nHTAbBgNVBAoTFFN0YWNrIEV4Y2hhbmdlLCBJbmMuMRwwGgYDVQQDDBMqLnN0YWNr\nZXhjaGFuZ2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Kk6\nNXUP1ocXt89mT1cIxadBhzCL0YTqP01/DSotUHRzV70qOCT7AdMT0K1Ji6rFyapz\nRiqUIhAkhEseXRp0MNr21fSUw4VoCb+ImO6gnIlzolkhrpK6Iy34KyU3zyt8XYD+\nmY3i8GjPZOysRJNLy3ouQBmzuOmU/2FomnmiEGF02mVgb3ev8Prcnt7dCiF7liBI\nsd3zkPeXvTVYcVcb/MBrFEzc4FuIuphTiJboNz8wHv9+PXAXUUH8TESrUfFPCKJH\nwd9EAoNX8jPU1TIxiCoe6XN5E1mPyGgyvEnacH/HerK/eLc46L7YWVGRyjHWaaTK\n0rJhKgkh59qsWBdn5wIDAQABo4IE1jCCBNIwHwYDVR0jBBgwFoAUUWj/kK8CB3U8\nzNllZGKiErhZcjswHQYDVR0OBBYEFJqKwW7B8k362XsC1I+zA6xqPcZYMIIB/AYD\nVR0RBIIB8zCCAe+CEyouc3RhY2tleGNoYW5nZS5jb22CEXN0YWNrZXhjaGFuZ2Uu\nY29tghFzdGFja292ZXJmbG93LmNvbYITKi5zdGFja292ZXJmbG93LmNvbYINc3Rh\nY2thdXRoLmNvbYILc3N0YXRpYy5uZXSCDSouc3N0YXRpYy5uZXSCD3NlcnZlcmZh\ndWx0LmNvbYIRKi5zZXJ2ZXJmYXVsdC5jb22CDXN1cGVydXNlci5jb22CDyouc3Vw\nZXJ1c2VyLmNvbYINc3RhY2thcHBzLmNvbYIUb3BlbmlkLnN0YWNrYXV0aC5jb22C\nGCoubWV0YS5zdGFja2V4Y2hhbmdlLmNvbYIWbWV0YS5zdGFja2V4Y2hhbmdlLmNv\nbYIQbWF0aG92ZXJmbG93Lm5ldIISKi5tYXRob3ZlcmZsb3cubmV0gg1hc2t1YnVu\ndHUuY29tgg8qLmFza3VidW50dS5jb22CEXN0YWNrc25pcHBldHMubmV0ghIqLmJs\nb2dvdmVyZmxvdy5jb22CEGJsb2dvdmVyZmxvdy5jb22CGCoubWV0YS5zdGFja292\nZXJmbG93LmNvbYIVKi5zdGFja292ZXJmbG93LmVtYWlsghNzdGFja292ZXJmbG93\nLmVtYWlsghJzdGFja292ZXJmbG93LmJsb2cwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\nJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRw\nOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAw\nhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3Js\nMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\nd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUw\nJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcw\nAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hB\nc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAQYGCisGAQQB1nkC\nBAIEgfcEgfQA8gB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAAB\nZkIJ+SMAAAQDAEgwRgIhAPCadxv47cB4QOOvN9s/R23EepEbSI4/MuAdf5vKeU79\nAiEA2gZ3O8nzuUVanRW9fg6mgfsL08Nn/ZGm73O/F3IGX2UAdwCHdb/nWXz4jEOZ\nX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWZCCfoGAAAEAwBIMEYCIQDQjfmVBq+/\ny2gBK/eE9x6jz9hTZ5tIfhkStS85fMAxegIhAMAuNkyuO4t06EiEgMWialJZuAnk\nQw29GceIBG8r1Ap3MA0GCSqGSIb3DQEBCwUAA4IBAQAAk873/+2QswKfJSQn+iZe\nZc8uiGg99pmd008E2cmGErqNzPclK9INbPjwxl9zIgTcXpF/UtBVVS1Z7Xo83qfs\nGMPdMzYt3F+hQpQYLhlGF+5Jf2x6Zb1zjT/aM3GMdGi+6OPV+YHl/wgUe45N6kRu\nDZnVL167+W3l2nD+mShO/7xqwHiZuz0GHyBHRp5i43blH0vg67sJ8guN81papupY\n2v78FcvR8j0ELfgyehtWpjF3vzKSq/rY2sMXTYzSPqMeksseHNhSMYU6Ww9h9pyM\naVnw9vahqf7nKHHcC2VRTUgkQfn9yDmmBOo0nQ8Xgfpd65/PaxVfBnuKfEkXBfpM\n-----END CERTIFICATE-----\n

我发现这在尝试通过 Rancher REST API 上传 SSL 证书时很有用，但无法获得正确的编码。

Answer 3

这是一个标准，你应该遵守。

RSA 标准（例如RFC 2459）仅定义了密钥的二进制表示。在实践中，与 OpenPGP 密钥 (RFC 4880) 一样，它们通常使用其他过时的 PEM 标准 ( RFC 1421 )以 base 64 编码。

PEM 可打印编码部分说：

为了表示 PEM 消息的封装文本，编码函数的输出被分隔为文本行（使用本地约定），除了最后一行包含 64 个可打印字符，最后一行包含 64 个或更少的可打印字符。