Last active
June 26, 2020 16:33
Using OpenSSL to strip passwords, add proper CSPs for SHA256, and create pems
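:: Windows cmd walkthrough: re-tag a PFX with a different CSP, then produce
:: password-less PFX and PEM copies of the same certificate and key.
:: The password placeholder (in angle brackets) must be replaced before running;
:: left as-is, cmd parses the angle brackets as redirection.
:: NOTE(review): a pass: argument puts the secret on the command line, where it
:: can show up in process listings and console history. OpenSSL also accepts
:: env:VAR and file:PATH as password sources.

:: Adjust CSP
:: Unpack the PFX to PEM. In parse mode -password and -passin both name the
:: input password; with no -passout or -nodes, openssl prompts for a pass
:: phrase to protect the key written to cert.pem.
openssl pkcs12 -in cert.pfx -out cert.pem -password pass:<password> -passin pass:<password>
:: Re-export with the CSP name recorded in the PFX. No passwords are given here,
:: so openssl prompts for the cert.pem pass phrase and the export password.
openssl pkcs12 -export -in cert.pem -out cert-new.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
:: Inspect the new PFX; presumably to confirm the provider name - check the output.
certutil -dump cert-new.pfx

:: Rename file
:: Keep the original under a new name and let the re-tagged PFX take its place.
rename cert.pfx cert-original.pfx
rename cert-new.pfx cert.pfx

:: Strip Password
:: Leaf certificate only, no keys.
openssl pkcs12 -clcerts -nokeys -in cert.pfx -out temp.crt -password pass:<password> -passin pass:<password>
:: CA certificates only, no keys.
openssl pkcs12 -cacerts -nokeys -in cert.pfx -out ca-cert.ca -password pass:<password> -passin pass:<password>
:: Private key only, still encrypted with the -passout password.
openssl pkcs12 -nocerts -in cert.pfx -out temp.key -password pass:<password> -passout pass:<password>
:: Rewrite the key with no output cipher: temp-nopass.key holds the private key in the clear.
openssl rsa -in temp.key -out temp-nopass.key -passin pass:<password>
:: Response --> writing RSA key
:: Concatenate key, leaf and CA certs. temp.pem therefore also holds the clear-text key.
type temp-nopass.key temp.crt ca-cert.ca > temp.pem
:: NOTE(review): this export still prompts for an export password; an empty one
:: gives a PFX that anyone with the file can import. Confirm that -nodes has any
:: effect in -export mode on the OpenSSL version in use.
openssl pkcs12 -export -nodes -CAfile ca-cert.ca -in temp.pem -out star-domain-ad-nopass.pfx

:: Create no pass pems
:: -nodes writes the private key to key.pem unencrypted.
openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes -password pass:<password> -passin pass:<password>
:: Certificates only; no key material goes into this file.
openssl pkcs12 -in cert.pfx -nokeys -out star-domain-ad-nopass.pem -password pass:<password> -passin pass:<password>
:: Rewrite the key on its own; the output is an unencrypted private key.
openssl rsa -in key.pem -out star-domain-ad-nopass_key.pem

:: Clean up
:: temp.pem is included because it contains the unencrypted private key.
:: This also deletes both password-protected PFX files, so what remains are the
:: star-domain-ad-nopass outputs; two of them carry an unprotected private key,
:: so restrict their file permissions to the service account that needs them.
:: del only unlinks the files; it does not overwrite their contents on disk.
del key.pem temp-nopass.key temp.key temp.pem ca-cert.ca temp.crt cert.pem cert.pfx cert-original.pfx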