From 21b8e5e75c81b610f6e72a0bceb71fb44d6119da Mon Sep 17 00:00:00 2001
From: petbau <petbau@linuxnet.ch>
Date: Tue, 27 Jul 2021 14:35:59 +0000
Subject: [PATCH] Add new file remove_pass_from_pkcs12_cert.sh

---
 ssl/remove_pass_from_pkcs12_cert.sh | 43 +++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 ssl/remove_pass_from_pkcs12_cert.sh

diff --git a/ssl/remove_pass_from_pkcs12_cert.sh b/ssl/remove_pass_from_pkcs12_cert.sh
new file mode 100644
index 0000000..4350fa6
--- /dev/null
+++ b/ssl/remove_pass_from_pkcs12_cert.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# the source: http://serverfault.com/questions/515833/how-to-remove-private-key-password-from-pkcs12-container
+
+if [ $# -ne 2 ]
+then
+  echo "Usage: `basename $0` YourPKCSFile YourPKCSPassword"
+  exit $E_BADARGS
+fi
+
+
+
+YourPKCSFile=$1
+PASSWORD=$2
+TemporaryPassword=123
+
+
+
+#First, extract the certificate:
+openssl pkcs12 -clcerts -nokeys -in $YourPKCSFile -out certificate.crt -password pass:$PASSWORD -passin pass:$PASSWORD
+
+#Second, the CA key:
+openssl pkcs12 -cacerts -nokeys -in $YourPKCSFile -out ca-cert.ca -password pass:$PASSWORD -passin pass:$PASSWORD
+
+#Now, the private key:
+openssl pkcs12 -nocerts -in $YourPKCSFile -out private.key -password pass:$PASSWORD -passin pass:$PASSWORD -passout pass:$TemporaryPassword
+
+#Remove now the passphrase:
+openssl rsa -in private.key -out "NewKeyFile.key" -passin pass:$TemporaryPassword
+
+#Put things together for the new PKCS-File:
+cat "NewKeyFile.key" > PEM.pem
+cat "certificate.crt" >> PEM.pem
+cat "ca-cert.ca" >> PEM.pem
+
+#And create the new file:
+openssl pkcs12 -export -nodes -CAfile ca-cert.ca -in PEM.pem -out $YourPKCSFile"_no_password"
+
+#cleaning
+rm NewKeyFile.key ca-cert.ca certificate.crt private.key PEM.pem
+
+
+#Now you have a new PKCS12 key file without passphrase on the private key part.