Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
A quick and dirty script to remove password from SSL certificate. Source:
# the source:
if [ $# -ne 2 ]
echo "Usage: `basename $0` YourPKCSFile YourPKCSPassword"
#First, extract the certificate:
openssl pkcs12 -clcerts -nokeys -in $YourPKCSFile -out certificate.crt -password pass:$PASSWORD -passin pass:$PASSWORD
#Second, the CA key:
openssl pkcs12 -cacerts -nokeys -in $YourPKCSFile -out -password pass:$PASSWORD -passin pass:$PASSWORD
#Now, the private key:
openssl pkcs12 -nocerts -in $YourPKCSFile -out private.key -password pass:$PASSWORD -passin pass:$PASSWORD -passout pass:$TemporaryPassword
#Remove now the passphrase:
openssl rsa -in private.key -out "NewKeyFile.key" -passin pass:$TemporaryPassword
#Put things together for the new PKCS-File:
cat "NewKeyFile.key" > PEM.pem
cat "certificate.crt" >> PEM.pem
cat "" >> PEM.pem
#And create the new file:
openssl pkcs12 -export -nodes -CAfile -in PEM.pem -out $YourPKCSFile"_no_password"
rm NewKeyFile.key certificate.crt private.key PEM.pem
#Now you have a new PKCS12 key file without passphrase on the private key part.

This comment has been minimized.

Copy link

@mi6th mi6th commented Feb 22, 2018

The TemporaryPassword is to short causing an error:

UI routines:UI_set_result:result too small:crypto/ui/ui_lib.c:765:You must type in 4 to 1023 characters

(OpenSSL 1.1.0g 2 Nov 2017), so it has to be at least 4 characters long.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment