
conver_p12_to_pem.sh

Convert a PKCS#12 (.p12/.pfx) file to PEM format

#/bin/sh
#set -x
###########################################################################
# $Id: conver_p12_to_pem.sh,v 1.4 2013/06/05 06:19:28 Andreas_A_Kempf Exp $
#
###########################################################################
#  Convert PKCS#12 or PFX format to PEM format
#
# 10/2014 Andreas Kempf
#
# Author        : $Author: Andreas_A_Kempf $
# Locker        : $Locker:  $
# Date          : $Date: 2013/06/05 06:19:28 $
# Symbolic Name : $Name:  $
# Revision      : $Revision: 1.4 $
# State         : $State: Exp $
###########################################################################
# Print the help text on stdout and end the script with exit status 1.
# The here-document delimiter is unquoted, so $0 in the text expands to the
# name the script was started with.
usage()
{
cat <<EOF
    PKCS#12/PFX Format

    The PKCS#12 or PFX format is a binary format for storing the server certificate,
    any intermediate certificates, and the private key in one encryptable file.
    PFX files usually have extensions such as .pfx and .p12.

    When converting a PFX file to PEM format, OpenSSL will put all the certificates and the private key into a single file.

    For converting must be give over the PFX File
    example:

    $0  PFX=<PFX_File.p12>

    Convert PFX_File.p12 to:

    user.pem
    ca.pem

    keys (with Passphare, protected)

    PFX filename must be without blank character
EOF
    # Every caller in this script depends on usage never returning.
    exit 1
}

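#######################################
# Parse the command line. The only accepted option is PFX=<file>; the option
# name is matched case-insensitively.
#
# The option text is matched with `case` patterns and assigned directly. It is
# never handed to eval, so nothing taken from the command line can be run as
# shell code, and only the PFX variable can be set.
# Globals:   PFX (written), OPTIONS and PFX_value (scratch)
# Arguments: the script's positional parameters
# Outputs:   an error line on stdout, followed by the help text from usage
# Returns:   0 on success; on error usage ends the script, the `return 1`
#            lines are only a backstop in case usage ever returns
#######################################
parse_options() {
    if [ "$#" -eq 0 ]
    then
        echo " ERROR: no Options"
        usage
        return 1
    fi

    # Start empty so the value can only come from the command line, never
    # from a PFX variable inherited from the environment.
    PFX=""
    for OPTIONS in "$@"
    do
        case "${OPTIONS}" in
            [Pp][Ff][Xx]=?*)
                PFX_value="${OPTIONS#*=}"
                ;;
            *)
                printf 'ERROR: Option %s is invalide\n' "${OPTIONS}"
                usage
                return 1
                ;;
        esac

        # Allow only the characters the help text promises (no blanks, no
        # shell metacharacters). A leading '-' is refused as well, because
        # the value is later passed to dirname and openssl, which would read
        # it as an option instead of a file name.
        case "${PFX_value}" in
            -*|*[!/.A-Za-z0-9_-]*)
                printf 'ERROR: Option %s is invalide\n' "${OPTIONS}"
                usage
                return 1
                ;;
        esac

        PFX="${PFX_value}"
    done
    return 0
}

parse_options "$@"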

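# Absolute path of the OpenSSL binary used for every conversion step.
OPENSSL="/usr/bin/openssl"

# Stop early when a required program is missing or not executable.
# Only programs with a path assigned above are listed: BASENAME is not
# assigned by the visible part of this script, so it is not checked here
# (an inherited BASENAME variable would otherwise cause a spurious failure).
for p in "${OPENSSL}"
do
    if [ ! -x "${p}" ]
    then
        echo "ERROR: Programm ${p} not found"
        echo
        # usage prints the help text and exits with status 1.
        usage
    fi
done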

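# Directory that holds the PFX file; every output and intermediate file is
# created next to it. `--` keeps dirname from reading the value as an option.
DIR="$( dirname -- "${PFX}" )"

# `=` is the POSIX string comparison; `==` is not understood by every /bin/sh.
if [ "${DIR}" = "." ]
then
    DIR="$( pwd )"
fi

# Result files.
# NOTE(review): USER is also the conventional login-name environment variable;
# this assignment replaces its value for the rest of the script.
USER="${DIR}/user.pem"
CA="${DIR}/ca.pem"
# KEYS is first written without encryption and later replaced by KEYS_pass.
KEYS="${DIR}/keys.pem"
KEYS_pass="${DIR}/keys_pass.pem"

# Intermediate files. Both hold the private key WITHOUT passphrase protection
# while the conversion runs, under fixed, predictable names inside DIR.
PFX_unprotected="${DIR}/unprotected.p12"
TEMP_PEM="${DIR}/temp"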


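# Remove leftovers of an earlier run, so that no stale certificate or key
# file can be mistaken for the result of this one.
# Every expansion is quoted: DIR may come from pwd and can therefore contain
# blanks or glob characters, which would otherwise make rm act on other paths.
for f in "${USER}" "${CA}" "${KEYS}" "${KEYS_pass}" "${PFX_unprotected}" "${TEMP_PEM}"
do
    test -f "${f}" && rm -f -- "${f}"
    if [ -f "${f}" ]
    then
        echo "ERROR: Can not delete ${f}"
        echo
        # usage prints the help text and exits; the exit below is a backstop.
        usage
        exit 1
    fi
done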

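# Convert the PFX file step by step.
#
# Three files written here hold the private key WITHOUT encryption until the
# end of the run: ${TEMP_PEM}, ${PFX_unprotected} and ${KEYS}. They are
# therefore created owner-only, and they are deleted again as soon as a step
# fails or the script is interrupted.

# Owner-only permissions for every file created from here on.
umask 077

# Delete the files that contain the unencrypted private key.
remove_unprotected() {
    rm -f -- "${TEMP_PEM}" "${PFX_unprotected}" "${KEYS}"
}

# Report the failed step ($1), remove the plaintext key material and stop.
conversion_failed() {
    echo "ERROR: $1"
    remove_unprotected
    exit 1
}

# Ctrl-C or a kill in the middle of a password prompt must not leave an
# unencrypted key behind.
trap 'remove_unprotected; exit 1' HUP INT TERM

# remove passphrase from pkcs12
echo "remove the passpharase"
echo "Type blank by the question: Enter Export Password"
echo "Type blank by the question: Verifying - Enter Export Password:"
echo "_________________________________________________"
"${OPENSSL}" pkcs12 -in "${PFX}" -nodes -out "${TEMP_PEM}" \
    || conversion_failed "remove the passpharase"
# Re-export with a blank password so the next three steps need no passphrase.
"${OPENSSL}" pkcs12 -export -in "${TEMP_PEM}" -out "${PFX_unprotected}" \
    || conversion_failed "create ${PFX_unprotected}"
echo "_________________________________________________"
echo "Type blank by the question: Enter Import Password:"
echo "create  ${USER}"
"${OPENSSL}" pkcs12 -in "${PFX_unprotected}" -clcerts -nokeys -nodes -out "${USER}" \
    || conversion_failed "create ${USER}"
echo "create ${KEYS}"
"${OPENSSL}" pkcs12 -in "${PFX_unprotected}" -nocerts -nodes -out "${KEYS}" \
    || conversion_failed "create ${KEYS}"
echo "create ${CA}"
"${OPENSSL}" pkcs12 -in "${PFX_unprotected}" -cacerts -nodes -out "${CA}" \
    || conversion_failed "create ${CA}"
echo "_________________________________________________"
echo "_________________________________________________"
echo "insert the new Passphare info ${KEYS_pass} "
echo "Please Type your Passphare:"
# NOTE(review): -des3 protects the key file with Triple-DES, a legacy cipher;
# `openssl rsa` also accepts -aes256. Confirm that every consumer of keys.pem
# can read an AES-encrypted key before switching.
"${OPENSSL}" rsa -des3 -in "${KEYS}" -out "${KEYS_pass}" \
    || conversion_failed "create ${KEYS_pass}"

# The rest of the script replaces ${KEYS} with the passphrase-protected file,
# which the signal handler must not delete, so the handler is removed here.
trap - HUP INT TERM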

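# Report for each expected result file whether it was created.
# The expansions are quoted because DIR may contain blanks or glob characters.
for f in "${USER}" "${CA}" "${KEYS}" "${KEYS_pass}"
do
    if [ -f "${f}" ]
    then
        echo "OK: ${f}"
    else
        echo "ERROR: Can not create ${f}"
    fi
done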

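# Replace the unencrypted key file by the passphrase-protected one, so that
# keys.pem ends up holding only the encrypted key.
test -f "${KEYS}" && rm -f -- "${KEYS}"
test -f "${KEYS_pass}" && mv -- "${KEYS_pass}" "${KEYS}"

# Remove the intermediate files that still contain the unencrypted key.
# NOTE: rm only unlinks a file; its former content can remain on the disk
# until the blocks are reused. Run the conversion in a directory on encrypted
# or memory-backed storage when that matters.
for f in "${PFX_unprotected}" "${TEMP_PEM}"
do
    test -f "${f}" && rm -f -- "${f}"
    if [ -f "${f}" ]
    then
        echo "ERROR: Can not delete ${f}"
        echo
        # usage prints the help text and exits; the exit below is a backstop.
        usage
        exit 1
    fi
done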
