Untitled

#!/usr/bin/env bash

# @description   Converts .pfx/.pcks Certificates to Unix-ready .ca-crt/.crt/.key Plaintext (pem) files
# @arguments     Cert Filename

# @copyright     Copyright (c) 2015 Frederik Winkelsdorf <winkelsdorf@gmail.com>
# @license       Released under MIT license

inFile=$1
outFile="${inFile%.*}" # = inFile without Extension

cat << EOF
PPCCK (PFX/PKCS to CA-CRT/CRT/KEY) Converter Script v1.0
Copyright (c) 2015 Frederik Winkelsdorf <winkelsdorf@gmail.com>
Released under MIT license

EOF

usage()
{
cat << EOF
This script uses OpenSSL to convert the given pfx/pkcs certficate into a
plaintext (pem format) set of .ca-crt, .crt and .key files. The password
is removed from the exported private key. It MUST be stored and
transferred safely, i.e. not user-accesible!

usage: $0 "Filename"

EOF
}

while getopts “h” option
do
     case $option in
         h)
             usage
             exit 1
             ;;
         ?)
             usage
             exit
             ;;
     esac
done

if [[ -z $inFile ]]
then
     usage
     exit 1
fi

cat << EOF
Please enter the password for input certificate: $inFile

EOF

read -s -p "Password: " password
printf "\n\n"

printf "OpenSSL Info\n"
echo "------------"
openssl version -a

printf "\nBasic Certificate Info\n"
echo "----------------------"

openssl pkcs12 -info -nokeys -nocerts -in "$inFile" -passin pass:$password

printf "\nExporting\n"
echo "---------"

printf "\nExporting: $outFile.ca-crt\n"
openssl pkcs12 -nokeys -cacerts -in "$inFile" -out "$outFile.ca-crt" -password pass:$password

printf "\nExporting: $outFile.crt\n"
openssl pkcs12 -nokeys -clcerts -in "$inFile" -out "$outFile.crt" -password pass:$password

printf "\nExporting: $outFile.key\n"
openssl pkcs12 -nocerts -in "$inFile" -out "$outFile.pem" -passin pass:$password -passout pass:$password
openssl rsa -in "$outFile.pem" -out "$outFile.key" -passin pass:$password

printf "\nRemoving intermediate: $outFile.pem\n"
rm "$outFile.pem"

echo "Done."