Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Change the passphrase and private key password for a PKCS#12 archive
#!/bin/bash
current_archive=$1
current_password=$2
new_password=$3
new_archive=$4
if [[ -z "$new_archive" ]]; then
new_archive="${current_archive%.*}_new.p12"
fi
echo "$current_password" | openssl pkcs12 -clcerts -nokeys -in "$current_archive" \
-out temp_cert.crt -passin stdin
echo "$current_password" | openssl pkcs12 -cacerts -chain -nokeys -in "$current_archive" \
-out temp_ca_cert.ca -passin stdin
echo "$current_password
$current_password
$current_password" | openssl pkcs12 -nocerts -in "$current_archive" \
-out temp_private.key -passin stdin -passout stdin
cat temp_private.key temp_cert.crt temp_ca_cert.ca > temp.pem
echo "$current_password
$new_password
$new_password" | openssl pkcs12 -export -CAfile temp_ca_cert.ca -in temp.pem \
-out "$new_archive" -passin stdin -passout stdin
rm temp.pem
rm temp_private.key
rm temp_cert.crt
rm temp_ca_cert.ca
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.