Add new file remove_pass_from_pkcs12_cert.sh

2021-07-27 14:35:59 +00:00 · 2021-07-27 14:35:59 +00:00 · 21b8e5e75c
commit 21b8e5e75c
parent 63f4f0e428
1 changed files with 43 additions and 0 deletions
--- a/ssl/remove_pass_from_pkcs12_cert.sh
+++ b/ssl/remove_pass_from_pkcs12_cert.sh
@ -0,0 +1,43 @@
+#!/bin/bash
+
+# the source: http://serverfault.com/questions/515833/how-to-remove-private-key-password-from-pkcs12-container
+
+if [ $# -ne 2 ]
+then
+  echo "Usage: `basename $0` YourPKCSFile YourPKCSPassword"
+  exit $E_BADARGS
+fi
+
+
+
+YourPKCSFile=$1
+PASSWORD=$2
+TemporaryPassword=123
+
+
+
+#First, extract the certificate:
+openssl pkcs12 -clcerts -nokeys -in $YourPKCSFile -out certificate.crt -password pass:$PASSWORD -passin pass:$PASSWORD
+
+#Second, the CA key:
+openssl pkcs12 -cacerts -nokeys -in $YourPKCSFile -out ca-cert.ca -password pass:$PASSWORD -passin pass:$PASSWORD
+
+#Now, the private key:
+openssl pkcs12 -nocerts -in $YourPKCSFile -out private.key -password pass:$PASSWORD -passin pass:$PASSWORD -passout pass:$TemporaryPassword
+
+#Remove now the passphrase:
+openssl rsa -in private.key -out "NewKeyFile.key" -passin pass:$TemporaryPassword
+
+#Put things together for the new PKCS-File:
+cat "NewKeyFile.key" > PEM.pem
+cat "certificate.crt" >> PEM.pem
+cat "ca-cert.ca" >> PEM.pem
+
+#And create the new file:
+openssl pkcs12 -export -nodes -CAfile ca-cert.ca -in PEM.pem -out $YourPKCSFile"_no_password"
+
+#cleaning
+rm NewKeyFile.key ca-cert.ca certificate.crt private.key PEM.pem
+
+
+#Now you have a new PKCS12 key file without passphrase on the private key part.