#!/bin/bash

# the source: http://serverfault.com/questions/515833/how-to-remove-private-key-password-from-pkcs12-container

if [ $# -ne 2 ]
then
  echo "Usage: `basename $0` YourPKCSFile YourPKCSPassword"
  exit $E_BADARGS
fi



YourPKCSFile=$1
PASSWORD=$2
TemporaryPassword=123



#First, extract the certificate:
openssl pkcs12 -clcerts -nokeys -in $YourPKCSFile -out certificate.crt -password pass:$PASSWORD -passin pass:$PASSWORD

#Second, the CA key:
openssl pkcs12 -cacerts -nokeys -in $YourPKCSFile -out ca-cert.ca -password pass:$PASSWORD -passin pass:$PASSWORD

#Now, the private key:
openssl pkcs12 -nocerts -in $YourPKCSFile -out private.key -password pass:$PASSWORD -passin pass:$PASSWORD -passout pass:$TemporaryPassword

#Remove now the passphrase:
openssl rsa -in private.key -out "NewKeyFile.key" -passin pass:$TemporaryPassword

#Put things together for the new PKCS-File:
cat "NewKeyFile.key" > PEM.pem
cat "certificate.crt" >> PEM.pem
cat "ca-cert.ca" >> PEM.pem

#And create the new file:
openssl pkcs12 -export -nodes -CAfile ca-cert.ca -in PEM.pem -out $YourPKCSFile"_no_password"

#cleaning
rm NewKeyFile.key ca-cert.ca certificate.crt private.key PEM.pem


#Now you have a new PKCS12 key file without passphrase on the private key part.