From 21b8e5e75c81b610f6e72a0bceb71fb44d6119da Mon Sep 17 00:00:00 2001 From: petbau Date: Tue, 27 Jul 2021 14:35:59 +0000 Subject: [PATCH] Add new file remove_pass_from_pkcs12_cert.sh --- ssl/remove_pass_from_pkcs12_cert.sh | 43 +++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 ssl/remove_pass_from_pkcs12_cert.sh diff --git a/ssl/remove_pass_from_pkcs12_cert.sh b/ssl/remove_pass_from_pkcs12_cert.sh new file mode 100644 index 0000000..4350fa6 --- /dev/null +++ b/ssl/remove_pass_from_pkcs12_cert.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +# the source: http://serverfault.com/questions/515833/how-to-remove-private-key-password-from-pkcs12-container + +if [ $# -ne 2 ] +then + echo "Usage: `basename $0` YourPKCSFile YourPKCSPassword" + exit $E_BADARGS +fi + + + +YourPKCSFile=$1 +PASSWORD=$2 +TemporaryPassword=123 + + + +#First, extract the certificate: +openssl pkcs12 -clcerts -nokeys -in $YourPKCSFile -out certificate.crt -password pass:$PASSWORD -passin pass:$PASSWORD + +#Second, the CA key: +openssl pkcs12 -cacerts -nokeys -in $YourPKCSFile -out ca-cert.ca -password pass:$PASSWORD -passin pass:$PASSWORD + +#Now, the private key: +openssl pkcs12 -nocerts -in $YourPKCSFile -out private.key -password pass:$PASSWORD -passin pass:$PASSWORD -passout pass:$TemporaryPassword + +#Remove now the passphrase: +openssl rsa -in private.key -out "NewKeyFile.key" -passin pass:$TemporaryPassword + +#Put things together for the new PKCS-File: +cat "NewKeyFile.key" > PEM.pem +cat "certificate.crt" >> PEM.pem +cat "ca-cert.ca" >> PEM.pem + +#And create the new file: +openssl pkcs12 -export -nodes -CAfile ca-cert.ca -in PEM.pem -out $YourPKCSFile"_no_password" + +#cleaning +rm NewKeyFile.key ca-cert.ca certificate.crt private.key PEM.pem + + +#Now you have a new PKCS12 key file without passphrase on the private key part.