I have made a regular expression that matches a text block belonging to a single certificate in a CRT file. This can be tested at https://regex101.com/.

For usage of the expression in powershell, I refer to my previous post Save a sorted CRT file. Take a look in the script and look for $2 , $3 and $4 :

• $2 is used to catch the ’subject’.
• $3 is used to catch the ’issuer’.
• $4 is used to catch the encoded certificate part enclosed in between -----BEGIN CERTIFICATE-----  and -----END CERTIFICATE----- .

Here is the regular expression:

Break down of the regular expression

I used CoPilot i Edge to help me out with the break down of the regular expression.

In summary, this regex is designed to extract information related to the subject, issuer, and the actual certificate content from a text block that includes certificate details. It’s used in my PowerShell script to parse the contents of the .crt  file.

Let’s break down the regular expression step by step:

1. Bag Attributes(\s*|.*)* :
   • This part matches the literal string “Bag Attributes” followed by any number of spaces ( \s* ) or any character ( .* ). The *  quantifier means zero or more occurrences.
   • Essentially, it captures any content that appears before the actual certificate details.
2. subject=(.*)\sissuer=(.*) (This part captures the subject and issuer attributes of the certificate):
   • subject=(.*)  matches the literal string “subject=” followed by any characters (captured by .* ).
   • \sissuer=(.*)  matches a space followed by the literal string “issuer=” and captures any characters after it.
3. \s([-]*BEGIN CERTIFICATE[-]*\s(([A-Za-z0-9+\/]{4})*([A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})|\s)+\s[-]*END CERTIFICATE[-]*) (This part captures the actual certificate content, including the “BEGIN CERTIFICATE” and “END CERTIFICATE” markers):
   • \s  matches a space.
   • ([-]*BEGIN CERTIFICATE[-]*  captures the literal string “BEGIN CERTIFICATE” (with optional hyphens).
   • (([A-Za-z0-9+\/]{4})*([A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})|\s)+ described in detail below.
   • Finally, it captures the literal string “END CERTIFICATE” (with optional hyphens) after the certificate content.

Encoded certificate part

This regular expression captures base64-encoded strings (with optional padding) or whitespace. It’s commonly used to extract base64-encoded data from text or to validate base64 strings.

Here is a break down:

1. ([A-Za-z0-9+\/]{4})* :
   • This part captures groups of four characters (which can be letters, digits, or specific symbols like +  or / ).
   • The *  quantifier means zero or more occurrences of these groups.
2. ([A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4}) :
   • This part captures three different possibilities for the last group of characters in the base64-encoded string:
     • [A-Za-z0-9+\/]{2}== : Two characters followed by == .
     • [A-Za-z0-9+\/]{3}= : Three characters followed by = .
     • [A-Za-z0-9+\/]{4} : Four characters without any additional symbols.
3. |\s :
   • The |  (pipe) symbol acts as an OR operator.
   • It allows for an alternative match: either the base64-encoded string as described above or a single whitespace character ( \s ).
4. + :
   • The +  quantifier means one or more occurrences of the entire preceding group (either base64-encoded characters or whitespace).