Quick preview X509 Certificate via Firefox-based browser

certificate.plugin.sh

#!/bin/zsh

# This script helps you use a Firefox-based browser's
# built-in certificate inspection feature to
# preview certificate files without actually serve it.
# It's particularly useful for debugging self-signed
# certificate chains and examining certificate details.

view-cert() {
    # Script to convert certificate files to Firefox certificate viewer URLs
    # Usage: view-cert <certificate-file>

    if [ $# -eq 0 ]; then
        echo "Usage: $0 <certificate-file>"
        echo "Example: $0 mycert.crt"
        exit 1
    fi

    CERT_FILE="$1"

    if [ ! -f "$CERT_FILE" ]; then
        echo "Error: File '$CERT_FILE' not found"
        exit 1
    fi

    # Extract all certificates from the file and build the URL
    url="about:certificate"
    first=true

    # Split the file by certificate blocks
    while IFS= read -r line; do
        if [[ "$line" == "-----BEGIN CERTIFICATE-----" ]]; then
            # Start collecting certificate data
            cert_data=""
            in_cert=true
        elif [[ "$line" == "-----END CERTIFICATE-----" ]]; then
            # End of certificate, URL encode and add to URL
            # URL encode the base64 data (encode +, /, =)
            encoded_cert=$(echo -n "$cert_data" | sed 's/+/%2B/g; s/\//%2F/g; s/=/%3D/g')
            
            if [ "$first" = true ]; then
                url="${url}?cert=${encoded_cert}"
                first=false
            else
                url="${url}&cert=${encoded_cert}"
            fi
            in_cert=false
        elif [ "$in_cert" = true ]; then
            # Collect base64 data (remove all whitespace)
            cert_data="${cert_data}${line}"
        fi
    done < "$CERT_FILE"

    # Only Support if the browser is Firefox-based, like Firefox, Zen, Tor.
    # If your default browser is not Firefox-based but you did have Firefox-based browser installed on the system, you can change the variable `DEFAULT_BROWSER` to make it work.
    DEFAULT_BROWSER="$(mdfind kMDItemCFBundleIdentifier = "$(plutil -convert json -o - "$HOME/Library/Preferences/com.apple.LaunchServices/com.apple.launchservices.secure.plist" | jq -r '.LSHandlers[] | select( .LSHandlerURLScheme=="https" ) | .LSHandlerRoleAll')" | grep -E '^/Applications/')"

    open -u "$url" -a "$DEFAULT_BROWSER"
}

Certificate Viewer Plugin

Overview

This script helps you use a Firefox-based browser's built-in certificate inspection feature to view certificate files. It's particularly useful for debugging self-signed certificate chains and examining certificate details.

The script reads certificate files (.crt, .pem, or any file containing PEM-encoded certificates), encodes them, and opens them in Firefox's certificate viewer interface.

Requirements

• macOS (uses the open command) / Linux (requires some modification)
• Firefox-based browser installed (such as Firefox, Waterfox, Zen Browser, Tor, etc.)
• zsh or bash shell
• jq command-line JSON processor (Optional, for determining default browser on macOS; install via Homebrew: brew install jq)

Note

This script is designed for macOS as it uses the macOS-exclusive open command. To use it on Linux, replace open with xdg-open. Despite the shebang line declaring zsh, the script also works with bash without modifications.

Installation

1. Download the Script

Download viewer.plugin.sh and save it to a convenient location, such as:

• ~/scripts/viewer.plugin.sh
• ~/.local/bin/viewer.plugin.sh
• Or any directory in your $PATH

2. Make it Executable (Optional)

If you plan to run it directly, make the script executable:

chmod +x /path/to/viewer.plugin.sh

3. Source the Plugin

The script is designed as a shell plugin, so you need to source it into your shell to use the view-cert function.

For permanent availability (add to your shell's RC file):

For Zsh users (~/.zshrc):

source ~/scripts/viewer.plugin.sh

For Bash users (~/.bashrc or ~/.bash_profile):

source ~/scripts/viewer.plugin.sh

For one-time use (current session only):

source /path/to/viewer.plugin.sh

After sourcing, reload your shell configuration:

source ~/.zshrc  # for zsh
# or
source ~/.bashrc  # for bash

Usage

Basic Usage

view-cert /path/to/your-certificate.crt

Examples

View a single certificate:

view-cert server.crt

View a certificate chain:

view-cert fullchain.pem

View a Let's Encrypt certificate:

view-cert /etc/letsencrypt/live/example.com/cert.pem

How It Works

1. The script reads the certificate file
2. Extracts all PEM-encoded certificates (supports multiple certificates / certificate chains in one file)
3. URL-encodes the certificate data
4. Constructs a Firefox certificate viewer URL (about:certificate)
5. Opens the URL in your default HTTPS browser

Troubleshooting

Error: "command not found: view-cert"

• Make sure you've sourced the script in your current shell session
• Check that the path in your RC file is correct

Error: "File not found"

• Verify the certificate file path is correct
• Check that the file exists and you have read permissions

Browser doesn't open

• Ensure you have a Firefox-based browser installed and set as your default browser
• Check that your default browser is set correctly in System Preferences

Error: "jq: command not found"
If you encounter an error indicating that jq is not found, you need to install it. On macOS, you can install jq using Homebrew with the following command:

brew install jq

Or you can just remove the lines that use jq to determine the default browser, and manually specify your Firefox-based browser path in the script (e.g., /Applications/Firefox.app).