conver_p12_to_pem.sh
#/bin/sh
#set -x
###########################################################################
# $Id: conver_p12_to_pem.sh,v 1.4 2013/06/05 06:19:28 Andreas_A_Kempf Exp $
#
###########################################################################
# Convert PKCS#12 or PFX format to PEM format
#
# 10/2014 Andreas Kempf
#
# Author : $Author: Andreas_A_Kempf $
# Locker : $Locker: $
# Date : $Date: 2013/06/05 06:19:28 $
# Symbolic Name : $Name: $
# Revision : $Revision: 1.4 $
# State : $State: Exp $
###########################################################################
# Print the help text to stdout and terminate the script.
# Arguments: ignored (callers pass $0, but it is not read as $1 here;
#            the script name in the example line comes from $0 itself).
# Returns:   never returns; exits with status 1.
usage() {
  printf '%s\n' \
    'PKCS#12/PFX Format' \
    'The PKCS#12 or PFX format is a binary format for storing the server certificate,' \
    'any intermediate certificates, and the private key in one encryptable file.' \
    'PFX files usually have extensions such as .pfx and .p12.' \
    'When converting a PFX file to PEM format, OpenSSL will put all the certificates and the private key into a single file.' \
    'For converting must be give over the PFX File' \
    'example:' \
    "$0 PFX=<PFX_File.p12>" \
    'Convert PFX_File.p12 to:' \
    'user.pem' \
    'ca.pem' \
    'keys (with Passphare, protected)' \
    'PFX filename must be without blank character'
  exit 1
}
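# Parse the command line.  The only accepted option is PFX=<file>; the key
# is matched case-insensitively, as before.
#
# The value is assigned directly.  The previous implementation validated
# the option name with a substring/regex grep and then ran the argument
# through eval, which means command-line text was interpreted as shell
# code.  Nothing from the command line is evaluated here.
LIST="$*"
if [ -z "${LIST}" ]
then
  echo " ERROR: no Options";
  usage;
fi

# Start from a known state so PFX can only come from the command line and
# not from an inherited environment variable.
PFX=""
for OPTIONS in "$@"
do
  case "${OPTIONS}" in
    [Pp][Ff][Xx]=*)
      PFX_value="${OPTIONS#*=}"
      ;;
    *)
      echo "ERROR: Option ${OPTIONS} is invalide";
      usage;
      ;;
  esac

  # Accept only the character set the original sed expression allowed.
  # An empty value and a value starting with '-' are refused as well: the
  # value is later passed as an argument to dirname and openssl, where a
  # leading '-' would be read as an option.
  case "${PFX_value}" in
    ""|-*|*[!/.A-Za-z0-9_-]*)
      echo "ERROR: Option ${OPTIONS} is invalide";
      usage;
      ;;
  esac
  PFX="${PFX_value}"
done

# Stop before any existing output file is touched when the input is missing.
if [ ! -f "${PFX}" ] || [ ! -r "${PFX}" ]
then
  echo "ERROR: PFX file ${PFX} not found or not readable";
  usage;
fi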
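# Locate the openssl binary.  It is called by absolute path, so a modified
# PATH can not substitute another program.
#
# The original loop also iterated over $BASENAME, which this script never
# assigns; the check then depended on whatever the calling environment
# happened to export.  Only the tool that is really used is verified now.
OPENSSL="/usr/bin/openssl";
if [ ! -x "${OPENSSL}" ]
then
  echo "ERROR: Programm ${OPENSSL} not found";
  echo
  usage;
fi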
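# Derive the working directory from the PFX path; all output and
# intermediate files are written next to the input file.
DIR="$(dirname -- "${PFX}")"
# '=' instead of '==': the latter is a bash extension and fails in a
# strict POSIX sh such as dash.
if [ "${DIR}" = "." ]
then
  DIR="$(pwd)"
fi

# Output files.
USER="${DIR}/user.pem";          # NOTE(review): shadows the login-name variable USER
CA="${DIR}/ca.pem";
KEYS="${DIR}/keys.pem";
# Intermediate files.  unprotected.p12 and temp hold the private key
# without passphrase protection while the script runs.
KEYS_pass="${DIR}/keys_pass.pem";
PFX_unprotected="${DIR}/unprotected.p12";
TEMP_PEM="${DIR}/temp";

# Remove results of an earlier run.  Every expansion is quoted because
# DIR may come from pwd and can therefore contain blanks.
# NOTE(review): any unrelated file with one of these names in DIR is
# deleted without confirmation.
for f in "${USER}" "${CA}" "${KEYS}" "${KEYS_pass}" "${PFX_unprotected}" "${TEMP_PEM}"
do
  test -f "${f}" && rm -f -- "${f}"
  if [ -f "${f}" ]
  then
    echo "ERROR: Can not delete ${f}";
    echo
    usage;
    exit 1;
  fi
done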
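# Convert ${PFX} into user.pem (client certificate), ca.pem (CA
# certificates) and keys.pem (private key, protected by a new passphrase).
#
# Between the first openssl call and the final cleanup the private key is
# on disk without passphrase protection (temp, unprotected.p12 and, for a
# while, keys.pem).  Three measures keep that exposure small:
#   * files that contain the key are created under umask 077,
#   * a trap removes them on every exit path, including Ctrl-C at a prompt,
#   * ca.pem is written with -nokeys (see below).

plain_key_on_disk=0   # 1 while keys.pem holds the unencrypted key
status=0              # becomes 1 when a step fails or an output is missing

# Remove every intermediate file that may contain key material.
cleanup_secrets() {
  rm -f -- "${TEMP_PEM}" "${PFX_unprotected}" "${KEYS_pass}"
  if [ "${plain_key_on_disk}" -eq 1 ]
  then
    rm -f -- "${KEYS}"
  fi
}
trap cleanup_secrets EXIT
trap 'exit 1' HUP INT TERM

# remove passphrase from pkcs12
echo "remove the passpharase";
echo "Type blank by the question: Enter Export Password"
echo "Type blank by the question: Verifying - Enter Export Password:"
echo "_________________________________________________";
( umask 077; "${OPENSSL}" pkcs12 -in "${PFX}" -nodes -out "${TEMP_PEM}" )
ERROR_CODE="$?";
if [ "${ERROR_CODE}" -gt "0" ]
then
  echo "ERROR: remove the passpharase";
  exit 1;
fi
( umask 077; "${OPENSSL}" pkcs12 -export -in "${TEMP_PEM}" -out "${PFX_unprotected}" )
ERROR_CODE="$?";
if [ "${ERROR_CODE}" -gt "0" ]
then
  # Every following step reads this file, so there is no point in going on.
  echo "ERROR: Can not create ${PFX_unprotected}";
  exit 1;
fi
echo "_________________________________________________";
echo "Type blank by the question: Enter Import Password:"
echo "create ${USER}";
"${OPENSSL}" pkcs12 -in "${PFX_unprotected}" -clcerts -nokeys -nodes -out "${USER}" || status=1
echo "create ${KEYS}";
plain_key_on_disk=1
( umask 077; "${OPENSSL}" pkcs12 -in "${PFX_unprotected}" -nocerts -nodes -out "${KEYS}" ) || status=1
echo "create ${CA}";
# -nokeys added: -cacerts only filters the certificates; without -nokeys
# openssl also writes the private key (unencrypted because of -nodes)
# into ca.pem, a file that is normally handed out as a trust chain.
"${OPENSSL}" pkcs12 -in "${PFX_unprotected}" -cacerts -nokeys -nodes -out "${CA}" || status=1
echo "_________________________________________________";
echo "_________________________________________________";
echo "insert the new Passphare info ${KEYS_pass} ";
echo "Please Type your Passphare:";
# NOTE(review): 'openssl rsa' handles RSA keys only and -des3 selects
# Triple-DES; consider a current cipher such as -aes256 once all consumers
# of keys.pem are known to support it.
( umask 077; "${OPENSSL}" rsa -des3 -in "${KEYS}" -out "${KEYS_pass}" )
ERROR_CODE="$?";
if [ "${ERROR_CODE}" -gt "0" ]
then
  # Do not move a missing or partial file over keys.pem; the trap removes
  # the unencrypted key.
  echo "ERROR: Can not create ${KEYS_pass}";
  exit 1;
fi

for f in "${USER}" "${CA}" "${KEYS}" "${KEYS_pass}"
do
  if [ -f "${f}" ]
  then
    echo "OK: ${f}";
  else
    echo "ERROR: Can not create ${f}";
    status=1
  fi
done

# Replace the unencrypted key file by the passphrase-protected one.
test -f "${KEYS}" && rm -f -- "${KEYS}"
if [ ! -f "${KEYS}" ]
then
  plain_key_on_disk=0
fi
test -f "${KEYS_pass}" && mv -- "${KEYS_pass}" "${KEYS}"

for f in "${PFX_unprotected}" "${TEMP_PEM}"
do
  test -f "${f}" && rm -f -- "${f}"
  if [ -f "${f}" ]
  then
    echo "ERROR: Can not delete ${f}";
    echo
    usage;
    exit 1;
  fi
done

# Report failure to the caller instead of always ending with status 0.
exit "${status}"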