#!/usr/bin/env bash
# @description Converts .pfx/.pkcs Certificates to Unix-ready .ca-crt/.crt/.key Plaintext (pem) files
# @arguments Cert Filename
# @copyright Copyright (c) 2015 Frederik Winkelsdorf <winkelsdorf@gmail.com>
# @license Released under MIT license
# Path of the input certificate, taken from the first positional argument
# (empty when none was given).
inFile="$1"
# Base name for every exported file: the input path with its last ".ext"
# suffix stripped, so the outputs are written next to the input.
outFile=${inFile%.*}

# Startup banner.
printf '%s\n' \
  'PPCCK (PFX/PKCS to CA-CRT/CRT/KEY) Converter Script v1.0' \
  'Copyright (c) 2015 Frederik Winkelsdorf <winkelsdorf@gmail.com>' \
  'Released under MIT license'
#######################################
# Print the help text: what the script converts, the warning that the
# exported private key is no longer password-protected, and the invocation
# syntax.
# Arguments: none
# Outputs:   help text on stdout
#######################################
usage() {
  printf '%s\n' \
    'This script uses OpenSSL to convert the given pfx/pkcs certficate into a' \
    'plaintext (pem format) set of .ca-crt, .crt and .key files. The password' \
    'is removed from the exported private key. It MUST be stored and' \
    'transferred safely, i.e. not user-accesible!' \
    "usage: $0 \"Filename\""
}
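# Parse options. Only -h is recognised: it prints the help text and exits 0.
# Any other option prints the help text and exits non-zero (previously the
# unknown-option branch ended in a bare `exit`, which returned usage's
# status, i.e. success). The optstring also used typographic quotes, which
# the shell passes through as literal bytes instead of treating as quoting.
while getopts 'h' option; do
  case "$option" in
    h)
      usage
      exit 0
      ;;
    *)
      usage
      exit 1
      ;;
  esac
done

# An input file is mandatory, and it must be readable before the user is
# asked for a password.
if [[ -z "$inFile" ]]; then
  usage
  exit 1
fi
if [[ ! -r "$inFile" ]]; then
  printf 'Cannot read input file: %s\n' "$inFile" >&2
  exit 1
fi

printf 'Please enter the password for input certificate: %s\n' "$inFile"
# -r keeps backslashes literal and IFS= keeps leading/trailing blanks, so the
# password reaches OpenSSL exactly as typed.
IFS= read -r -s -p "Password: " password
printf '\n\n'

printf 'OpenSSL Info\n'
echo "------------"
openssl version -a

# The password is handed to OpenSSL through an environment variable that is
# set for the openssl process only (env:PPCCK_PASSWORD). With `pass:<value>`
# it is part of argv and shows up in the process list for every local user,
# and unquoted it is also word-split. The environment of a process is still
# readable by the same user and by root.
printf '\nBasic Certificate Info\n'
echo "----------------------"
PPCCK_PASSWORD="$password" openssl pkcs12 -info -nokeys -nocerts \
  -in "$inFile" -passin env:PPCCK_PASSWORD ||
  exit 1 # wrong password or unreadable container: stop before writing files

printf '\nExporting\n'
echo "---------"

# File names go through %s so a '%' or backslash in the path is printed
# literally instead of being interpreted as a printf format.
printf '\nExporting: %s\n' "$outFile.ca-crt"
PPCCK_PASSWORD="$password" openssl pkcs12 -nokeys -cacerts \
  -in "$inFile" -out "$outFile.ca-crt" -passin env:PPCCK_PASSWORD ||
  exit 1

printf '\nExporting: %s\n' "$outFile.crt"
PPCCK_PASSWORD="$password" openssl pkcs12 -nokeys -clcerts \
  -in "$inFile" -out "$outFile.crt" -passin env:PPCCK_PASSWORD ||
  exit 1

printf '\nExporting: %s\n' "$outFile.key"
# The final .key is an unencrypted private key. Create key material under a
# restrictive umask (owner read/write only) and remove stale copies first, so
# a pre-existing file does not keep laxer permissions.
umask 077
# Remove the passphrase-protected intermediate on every exit path from here.
trap 'rm -f -- "$outFile.pem"' EXIT
rm -f -- "$outFile.pem" "$outFile.key"
PPCCK_PASSWORD="$password" openssl pkcs12 -nocerts \
  -in "$inFile" -out "$outFile.pem" \
  -passin env:PPCCK_PASSWORD -passout env:PPCCK_PASSWORD ||
  exit 1
# NOTE(review): `openssl rsa` handles RSA keys; a container holding another
# key type is expected to fail at this step. Confirm before relying on it.
PPCCK_PASSWORD="$password" openssl rsa \
  -in "$outFile.pem" -out "$outFile.key" -passin env:PPCCK_PASSWORD ||
  exit 1

printf '\nRemoving intermediate: %s\n' "$outFile.pem"
rm -f -- "$outFile.pem"
trap - EXIT
unset password
echo "Done."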