conver_p12_to_pem.sh

convert P12 File to PEM Format

#/bin/sh #set -x ########################################################################### # $Id: conver_p12_to_pem.sh,v 1.4 2013/06/05 06:19:28 Andreas_A_Kempf Exp $ # ########################################################################### # Convert PKCS#12 or PFX format to PEM format # # 10/2014 Andreas Kempf # # Author : $Author: Andreas_A_Kempf $ # Locker : $Locker: $ # Date : $Date: 2013/06/05 06:19:28 $ # Symbolic Name : $Name: $ # Revision : $Revision: 1.4 $ # State : $State: Exp $ ########################################################################### usage() { cat <<EOF PKCS#12/PFX Format

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12.

When converting a PFX file to PEM format, OpenSSL will put all the certificates and the private key into a single file.

For converting must be give over the PFX File example:

$0 PFX=<PFX_File.p12>

Convert PFX_File.p12 to:

user.pem ca.pem

keys (with Passphare, protected)

PFX filename must be without blank character EOF exit 1; }

LIST=$@ if [ -z "${LIST}" ] then echo " ERROR: no Options"; usage; fi

valide_OPTIONS="PFX"; for OPTIONS in `echo ${LIST}` do OPTIONS_tmp=`echo ${OPTIONS}|sed s/"=[/.A-Za-z0-9_-]*"//` check_OPTIONS=`echo ${valide_OPTIONS}|grep -i "${OPTIONS_tmp}"` if [ -z "${check_OPTIONS}" ] then echo "ERROR: Option ${OPTIONS} is invalide"; shift; usage $0; fi

eval `echo ${OPTIONS}|awk -vFS="=" '{gsub(/[[:space:]]+/,"",$2);print toupper($1)"='\''"$2"'\''"}'` done

OPENSSL="/usr/bin/openssl";

for p in $BASENAME $OPENSSL do if [ ! -x "${p}" ] then echo "ERROR: Programm ${p} not found"; echo usage $0; fi done

DIR="$( dirname "$PFX" )"

if [ "$DIR" == "." ] then DIR=`pwd`; fi

USER="${DIR}/user.pem"; CA="${DIR}/ca.pem"; KEYS="${DIR}/keys.pem"; KEYS_pass="${DIR}/keys_pass.pem"; PFX_unprotected="${DIR}/unprotected.p12"; TEMP_PEM="${DIR}/temp";

for f in $USER $CA $KEYS $KEYS_pass ${PFX_unprotected} ${TEMP_PEM} do test -f ${f} && rm -f $f if [ -f ${f} ] then echo "ERROR: Can not delete ${f}"; echo usage $0; exit 1; fi done

# remove passpharase from pkcs12 echo "remove the passpharase"; echo "Type blank by the question: Enter Export Password" echo "Type blank by the question: Verifying - Enter Export Password:" echo "_________________________________________________"; ${OPENSSL} pkcs12 -in ${PFX} -nodes -out ${TEMP_PEM} ERROR_CODE="$?"; if [ "${ERROR_CODE}" -gt "0" ] then echo "ERROR: remove the passpharase"; exit 1; fi ${OPENSSL} pkcs12 -export -in ${TEMP_PEM} -out ${PFX_unprotected} echo "_________________________________________________"; echo "Type blank by the question: Enter Import Password:" echo "create ${USER}"; ${OPENSSL} pkcs12 -in ${PFX_unprotected} -clcerts -nokeys -nodes -out ${USER} echo "create ${KEYS}"; ${OPENSSL} pkcs12 -in ${PFX_unprotected} -nocerts -nodes -out ${KEYS} echo "create ${CA}"; ${OPENSSL} pkcs12 -in ${PFX_unprotected} -cacerts -nodes -out ${CA} echo "_________________________________________________"; echo "_________________________________________________"; echo "insert the new Passphare info ${KEYS_pass} "; echo "Please Type your Passphare:"; ${OPENSSL} rsa -des3 -in ${KEYS} -out ${KEYS_pass}

for f in $USER $CA $KEYS $KEYS_pass do if [ -f ${f} ] then echo "OK: ${f}"; else echo "ERROR: Can not create ${f}"; fi done

test -f ${KEYS} && rm -f ${KEYS} test -f ${KEYS_pass} && mv ${KEYS_pass} ${KEYS}

test -f "${PFX_unprotected}" && rm -f ${PFX_unprotected} for f in ${PFX_unprotected} ${TEMP_PEM} do test -f ${f} && rm -f $f if [ -f ${f} ] then echo "ERROR: Can not delete ${f}"; echo usage $0; exit 1; fi done

Artikelaktionen

Drucken