#!/bin/bash # the source: http://serverfault.com/questions/515833/how-to-remove-private-key-password-from-pkcs12-container if [ $# -ne 2 ] then echo "Usage: `basename $0` YourPKCSFile YourPKCSPassword" exit $E_BADARGS fi YourPKCSFile=$1 PASSWORD=$2 TemporaryPassword=123 #First, extract the certificate: openssl pkcs12 -clcerts -nokeys -in $YourPKCSFile -out certificate.crt -password pass:$PASSWORD -passin pass:$PASSWORD #Second, the CA key: openssl pkcs12 -cacerts -nokeys -in $YourPKCSFile -out ca-cert.ca -password pass:$PASSWORD -passin pass:$PASSWORD #Now, the private key: openssl pkcs12 -nocerts -in $YourPKCSFile -out private.key -password pass:$PASSWORD -passin pass:$PASSWORD -passout pass:$TemporaryPassword #Remove now the passphrase: openssl rsa -in private.key -out "NewKeyFile.key" -passin pass:$TemporaryPassword #Put things together for the new PKCS-File: cat "NewKeyFile.key" > PEM.pem cat "certificate.crt" >> PEM.pem cat "ca-cert.ca" >> PEM.pem #And create the new file: openssl pkcs12 -export -nodes -CAfile ca-cert.ca -in PEM.pem -out $YourPKCSFile"_no_password" #cleaning rm NewKeyFile.key ca-cert.ca certificate.crt private.key PEM.pem #Now you have a new PKCS12 key file without passphrase on the private key part.