ssubzwari/QnapPlexCertPem2Pks12.sh

## QnapPlexCertPem2Pks12.sh
#!/bin/bash

# --- Configuration ---
CERT_FILE="/etc/stunnel/stunnel.pem"        # Path to your PEM certificate file (e.g., fullchain.pem)
PRIVATE_KEY_FILE="/etc/stunnel/stunnel.pem" # Path to the corresponding private key file
PKCS12_OUTPUT_FILE="PlexP12Cert.pks" # Desired name for the output PKCS#12 file
DAYS_THRESHOLD=30                        # Convert if certificate expires within this many days

# IMPORTANT: Replace the placeholder below with your actual PKCS#12 conversion command.
# This command will be executed if the certificate is expiring soon.
# It uses 'openssl pkcs12 -export' to convert. You will be prompted for an export password.
CONVERSION_COMMAND="openssl pkcs12 -export -out \"$PKCS12_OUTPUT_FILE\" -inkey \"$PRIVATE_KEY_FILE\" -in \"$CERT_FILE\" -name \"MyCertificate\""
# Alternatively, to provide a password non-interactively (USE WITH CAUTION IN SCRIPTS!):
# CONVERSION_COMMAND="openssl pkcs12 -export -out \"$PKCS12_OUTPUT_FILE\" -inkey \"$PRIVATE_KEY_FILE\" -in \"$CERT_FILE\" -passout pass:YOUR_SECURE_PASSWORD -name \"MyCertificate\""


# --- Functions ---

# Function to display error messages and exit
function error_exit() {
    echo "ERROR: $1" >&2
    exit 1
}

# Function to get certificate expiry date in Unix timestamp
function get_expiry_timestamp() {
    # Extract the 'notAfter' date from the certificate and convert it to a Unix timestamp.
    # '2>/dev/null' suppresses potential error messages from date if the input is malformed.
    openssl x509 -in "$1" -enddate -noout | \
    sed 's/notAfter=//' | \
    xargs -I {} date -d {} +%s 2>/dev/null
}

# Function to get current Unix timestamp
function get_current_timestamp() {
    date +%s
}

# --- Main Script ---

echo "--- Certificate Expiry Check and PKCS#12 Conversion ---"
echo "Certificate File: $CERT_FILE"
echo "Private Key File: $PRIVATE_KEY_FILE"
echo "PKCS#12 Output: $PKCS12_OUTPUT_FILE"
echo "Renewal Threshold: $DAYS_THRESHOLD days"

# 1. Check if the certificate file exists
if [[ ! -f "$CERT_FILE" ]]; then
    error_exit "Certificate file not found: $CERT_FILE"
fi

# 2. Check if the private key file exists
if [[ ! -f "$PRIVATE_KEY_FILE" ]]; then
    error_exit "Private key file not found: $PRIVATE_KEY_FILE. PKCS#12 conversion requires the private key."
fi

# 3. Get the expiry date as a Unix timestamp
EXPIRY_TIMESTAMP=$(get_expiry_timestamp "$CERT_FILE")

if [[ -z "$EXPIRY_TIMESTAMP" ]]; then
    error_exit "Could not extract expiry date from $CERT_FILE. Is it a valid PEM certificate?"
fi

# 4. Get the current date as a Unix timestamp
CURRENT_TIMESTAMP=$(get_current_timestamp)

# 5. Calculate remaining seconds until expiry
REMAINING_SECONDS=$((EXPIRY_TIMESTAMP - CURRENT_TIMESTAMP))

# 6. Calculate remaining days until expiry
REMAINING_DAYS=$((REMAINING_SECONDS / 86400)) # 86400 seconds in a day

echo "Current Date: $(date)"
echo "Certificate Expiry Date: $(date -d "@$EXPIRY_TIMESTAMP")"
echo "Remaining Days until Expiry: $REMAINING_DAYS days"

# 7. Check if conversion is needed
if [[ "$REMAINING_DAYS" -le "$DAYS_THRESHOLD" ]]; then
    echo "--- PKCS#12 CONVERSION REQUIRED ---"
    echo "Certificate expires within $DAYS_THRESHOLD days. Initiating PKCS#12 conversion..."

    # Execute the conversion command
    echo "Executing command: $CONVERSION_COMMAND"
    if eval "$CONVERSION_COMMAND"; then
        echo "PKCS#12 file '$PKCS12_OUTPUT_FILE' created successfully."
        echo "Remember to secure this file and its password."
    else
        error_exit "PKCS#12 conversion failed. Please check the command and file permissions."
    fi
else
    echo "--- NO PKCS#12 CONVERSION NEEDED ---"
    echo "Certificate is valid for more than $DAYS_THRESHOLD days. No action required for PKCS#12 conversion."
fi

echo "--- Script Finished ---"
	#!/bin/bash

	# --- Configuration ---
	CERT_FILE="/etc/stunnel/stunnel.pem" # Path to your PEM certificate file (e.g., fullchain.pem)
	PRIVATE_KEY_FILE="/etc/stunnel/stunnel.pem" # Path to the corresponding private key file
	PKCS12_OUTPUT_FILE="PlexP12Cert.pks" # Desired name for the output PKCS#12 file
	DAYS_THRESHOLD=30 # Convert if certificate expires within this many days

	# IMPORTANT: Replace the placeholder below with your actual PKCS#12 conversion command.
	# This command will be executed if the certificate is expiring soon.
	# It uses 'openssl pkcs12 -export' to convert. You will be prompted for an export password.
	CONVERSION_COMMAND="openssl pkcs12 -export -out \"$PKCS12_OUTPUT_FILE\" -inkey \"$PRIVATE_KEY_FILE\" -in \"$CERT_FILE\" -name \"MyCertificate\""
	# Alternatively, to provide a password non-interactively (USE WITH CAUTION IN SCRIPTS!):
	# CONVERSION_COMMAND="openssl pkcs12 -export -out \"$PKCS12_OUTPUT_FILE\" -inkey \"$PRIVATE_KEY_FILE\" -in \"$CERT_FILE\" -passout pass:YOUR_SECURE_PASSWORD -name \"MyCertificate\""


	# --- Functions ---

	# Function to display error messages and exit
	function error_exit() {
	echo "ERROR: $1" >&2
	exit 1
	}

	# Function to get certificate expiry date in Unix timestamp
	function get_expiry_timestamp() {
	# Extract the 'notAfter' date from the certificate and convert it to a Unix timestamp.
	# '2>/dev/null' suppresses potential error messages from date if the input is malformed.
	openssl x509 -in "$1" -enddate -noout \| \
	sed 's/notAfter=//' \| \
	xargs -I {} date -d {} +%s 2>/dev/null
	}

	# Function to get current Unix timestamp
	function get_current_timestamp() {
	date +%s
	}

	# --- Main Script ---

	echo "--- Certificate Expiry Check and PKCS#12 Conversion ---"
	echo "Certificate File: $CERT_FILE"
	echo "Private Key File: $PRIVATE_KEY_FILE"
	echo "PKCS#12 Output: $PKCS12_OUTPUT_FILE"
	echo "Renewal Threshold: $DAYS_THRESHOLD days"

	# 1. Check if the certificate file exists
	if [[ ! -f "$CERT_FILE" ]]; then
	error_exit "Certificate file not found: $CERT_FILE"
	fi

	# 2. Check if the private key file exists
	if [[ ! -f "$PRIVATE_KEY_FILE" ]]; then
	error_exit "Private key file not found: $PRIVATE_KEY_FILE. PKCS#12 conversion requires the private key."
	fi

	# 3. Get the expiry date as a Unix timestamp
	EXPIRY_TIMESTAMP=$(get_expiry_timestamp "$CERT_FILE")

	if [[ -z "$EXPIRY_TIMESTAMP" ]]; then
	error_exit "Could not extract expiry date from $CERT_FILE. Is it a valid PEM certificate?"
	fi

	# 4. Get the current date as a Unix timestamp
	CURRENT_TIMESTAMP=$(get_current_timestamp)

	# 5. Calculate remaining seconds until expiry
	REMAINING_SECONDS=$((EXPIRY_TIMESTAMP - CURRENT_TIMESTAMP))

	# 6. Calculate remaining days until expiry
	REMAINING_DAYS=$((REMAINING_SECONDS / 86400)) # 86400 seconds in a day

	echo "Current Date: $(date)"
	echo "Certificate Expiry Date: $(date -d "@$EXPIRY_TIMESTAMP")"
	echo "Remaining Days until Expiry: $REMAINING_DAYS days"

	# 7. Check if conversion is needed
	if [[ "$REMAINING_DAYS" -le "$DAYS_THRESHOLD" ]]; then
	echo "--- PKCS#12 CONVERSION REQUIRED ---"
	echo "Certificate expires within $DAYS_THRESHOLD days. Initiating PKCS#12 conversion..."

	# Execute the conversion command
	echo "Executing command: $CONVERSION_COMMAND"
	if eval "$CONVERSION_COMMAND"; then
	echo "PKCS#12 file '$PKCS12_OUTPUT_FILE' created successfully."
	echo "Remember to secure this file and its password."
	else
	error_exit "PKCS#12 conversion failed. Please check the command and file permissions."
	fi
	else
	echo "--- NO PKCS#12 CONVERSION NEEDED ---"
	echo "Certificate is valid for more than $DAYS_THRESHOLD days. No action required for PKCS#12 conversion."
	fi

	echo "--- Script Finished ---"