-
-
Save eignatov/b7d00cac3d7dffe3f86deeba28bf0d6f to your computer and use it in GitHub Desktop.
A quick and dirty script to remove password from SSL certificate. Source: http://serverfault.com/questions/515833/how-to-remove-private-key-password-from-pkcs12-container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # the source: http://serverfault.com/questions/515833/how-to-remove-private-key-password-from-pkcs12-container | |
| if [ $# -ne 2 ] | |
| then | |
| echo "Usage: `basename $0` YourPKCSFile YourPKCSPassword" | |
| exit $E_BADARGS | |
| fi | |
| YourPKCSFile=$1 | |
| PASSWORD=$2 | |
| TemporaryPassword=123 | |
| #First, extract the certificate: | |
| openssl pkcs12 -clcerts -nokeys -in $YourPKCSFile -out certificate.crt -password pass:$PASSWORD -passin pass:$PASSWORD | |
| #Second, the CA key: | |
| openssl pkcs12 -cacerts -nokeys -in $YourPKCSFile -out ca-cert.ca -password pass:$PASSWORD -passin pass:$PASSWORD | |
| #Now, the private key: | |
| openssl pkcs12 -nocerts -in $YourPKCSFile -out private.key -password pass:$PASSWORD -passin pass:$PASSWORD -passout pass:$TemporaryPassword | |
| #Remove now the passphrase: | |
| openssl rsa -in private.key -out "NewKeyFile.key" -passin pass:$TemporaryPassword | |
| #Put things together for the new PKCS-File: | |
| cat "NewKeyFile.key" > PEM.pem | |
| cat "certificate.crt" >> PEM.pem | |
| cat "ca-cert.ca" >> PEM.pem | |
| #And create the new file: | |
| openssl pkcs12 -export -nodes -CAfile ca-cert.ca -in PEM.pem -out $YourPKCSFile"_no_password" | |
| #cleaning | |
| rm NewKeyFile.key ca-cert.ca certificate.crt private.key PEM.pem | |
| #Now you have a new PKCS12 key file without passphrase on the private key part. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment