Actually you can grab the original Boxine CA from their site (prod.de.tbs.toys).
Here’s a shell script for this usecase.
- save it in a file, name it e.g.
dump-boxine-ca.sh - make it executable:
chmod +x dump-boxine-ca.sh - execute it:
./dump-boxine-ca.sh
The resulting ca.der is what you’re looking for.
#!/bin/bash
openssl s_client -showcerts -verify 5 -connect prod.de.tbs.toys:443 < /dev/null |
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/{ if(/BEGIN CERTIFICATE/){a++}; out="cert"a".pem"; print >out}'
for cert in *.pem; do
newname=$(openssl x509 -noout -subject -in $cert | sed -nE 's/.*CN ?= ?(.*)/\1/; s/[ ,.*]/_/g; s/__/_/g; s/_-_/-/; s/^_//g;p' | tr '[:upper:]' '[:lower:]').pem
if [[ "${newname}" == "boxine_ca.pem" ]]; then
openssl x509 -in "${cert}" -out ca.der -outform DER
fi
rm ${cert}
done
PS. make sure your certificate filenames are lowercase (not CA.DER but ca.der etc.)