@levi-turner
Last active June 26, 2020 16:33
Using OpenSSL to strip passwords, add proper CSPs for SHA256, and create pems
# Adjust CSP
openssl pkcs12 -in cert.pfx -out cert.pem -password pass:<password> -passin pass:<password>
openssl pkcs12 -export -in cert.pem -out cert-new.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
certutil -dump cert-new.pfx
# Rename file
rename cert.pfx cert-original.pfx
rename cert-new.pfx cert.pfx
# Strip Password
openssl pkcs12 -clcerts -nokeys -in cert.pfx -out temp.crt -password pass:<password> -passin pass:<password>
openssl pkcs12 -cacerts -nokeys -in cert.pfx -out ca-cert.ca -password pass:<password> -passin pass:<password>
openssl pkcs12 -nocerts -in cert.pfx -out temp.key -password pass:<password> -passout pass:<password>
openssl rsa -in temp.key -out temp-nopass.key -passin pass:<password>
:: Response --> writing RSA key
type temp-nopass.key temp.crt ca-cert.ca > temp.pem
openssl pkcs12 -export -nodes -CAfile ca-cert.ca -in temp.pem -out star-domain-ad-nopass.pfx
# Create no pass pems
openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes -password pass:<password> -passin pass:<password>
openssl pkcs12 -in cert.pfx -nokeys -out star-domain-ad-nopass.pem -password pass:<password> -passin pass:<password>
openssl rsa -in key.pem -out star-domain-ad-nopass_key.pem
# Clean up
del key.pem temp-nopass.key temp.key ca-cert.ca temp.crt cert.pem cert.pfx cert-original.pfx
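
An added example, not part of the original gist: a Python check for the PEM files these commands leave behind, reporting whether each private key is passphrase-protected and which CSP name appears in the bag attributes that `openssl pkcs12` prints ahead of a block. The function names and the sample text are constructed for illustration.

```python
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
CSP_ATTR = re.compile(r"^\s*Microsoft CSP Name:\s*(.+?)\s*$", re.MULTILINE)

# Constructed sample shaped like `openssl pkcs12` text output; bodies are
# placeholders, not key material.
SAMPLE = """Bag Attributes
    localKeyID: 01 00 00 00
    Microsoft CSP Name: Microsoft Enhanced RSA and AES Cryptographic Provider
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
AAAA
-----END PRIVATE KEY-----
Bag Attributes
subject=CN = example.test
-----BEGIN CERTIFICATE-----
AAAA
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

AAAA
-----END RSA PRIVATE KEY-----
"""

def audit_pem(text):
    """Return one dict per PEM block: kind, encrypted flag, CSP name if listed."""
    findings, pos = [], 0
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        # Bag attributes are printed between the previous block and this one.
        csp = CSP_ATTR.search(text[pos:m.start()])
        pos = m.end()
        if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, passphrase-protected
            kind, encrypted = "private key", True
        elif label.endswith("PRIVATE KEY"):       # PKCS#8 clear or traditional
            kind, encrypted = "private key", "Proc-Type: 4,ENCRYPTED" in body
        else:                                     # certificates and anything else
            kind, encrypted = label.lower(), None
        findings.append({"kind": kind, "encrypted": encrypted,
                         "csp": csp.group(1) if csp else None})
    return findings

def cleartext_keys(text):
    """Count private keys stored without a passphrase."""
    return sum(f["encrypted"] is False for f in audit_pem(text))
```

Running `cleartext_keys` over the contents of each file before and after the clean-up step shows which unencrypted keys are still on disk.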