@vch42
Created December 21, 2021 10:30
Process PFX certificate chain for Cisco AnyConnect on Linux
#!/bin/bash
# Extract the CA cert, client cert and private key from a PKCS#12 (.pfx)
# bundle into the directory layout Cisco AnyConnect uses on Linux.
set -eo pipefail   # abort on any failed step (e.g. a wrong PFX password) instead of printing "All done"
umask 077          # files are private to the owner from the moment they are written

certdir="$HOME/.cisco/certificates"
ca="$certdir/ca/ca.pem"
client="$certdir/client/personal.pem"
key="$certdir/client/private/personal.key"

if [ ! -f "${1:-}" ]; then
    echo "Provide the full chain pfx file as argument."
    echo "Eg.: ./process-pfx.sh /home/tburton/Desktop/tburton_cert_chain.pfx"
    exit 1
fi
pfx="$1"

rm -rf "$certdir"
mkdir -p "$certdir/ca" "$certdir/client/private"

read -r -s -p 'Enter password to extract PFX: ' pass
echo ""
echo ""

# The password is handed to openssl through a process substitution so it never
# shows up in the process list (as it would with -passin pass:...).
echo "Extracting CA public cert..."
openssl pkcs12 -in "$pfx" -cacerts -nokeys -nodes -passin file:<(echo -n "$pass") \
    | openssl x509 -out "$ca"      # keeps the first CA cert found in the bundle
echo "Done. Extracted in $ca"
echo ""

echo "Extracting client (personal) public cert..."
openssl pkcs12 -in "$pfx" -clcerts -nokeys -nodes -passin file:<(echo -n "$pass") \
    | openssl x509 -out "$client"
echo "Done. Extracted in $client"
echo ""

echo "Extracting client (personal) private key..."
openssl pkcs12 -in "$pfx" -nocerts -nodes -passin file:<(echo -n "$pass") \
    | openssl rsa -out "$key"      # unencrypted RSA key in PEM, as AnyConnect expects
echo "Done. Extracted in $key"
echo ""

echo "Setting secure permissions on private key..."
chmod 600 "$key"                   # owner read/write only; nobody else needs the key
echo "All done. Try to connect now. Bye!"
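A check worth running before pointing AnyConnect at the extracted files: that the client certificate actually chains to the extracted CA, that the private key belongs to the client certificate, and that the key file is not readable by other users. The script below is an added example, not part of the gist; it assumes the `openssl` CLI and the file layout the script above writes, and the function name `verify_anyconnect_certs` is my own.

```shell
#!/bin/bash
# verify-anyconnect-certs.sh (hypothetical name; added example, not part of the gist)
# Sanity-checks the three files produced by process-pfx.sh:
#   1. the client cert verifies against the extracted CA,
#   2. the private key's public half equals the certificate's public key,
#   3. the key file mode gives group/other no access.
# Prints one line per check and returns 0 only if every check passes.
verify_anyconnect_certs() {
    ca="$1"; client="$2"; key="$3"; rc=0

    # 1. Chain check: the CA extracted from the PFX must have signed the client cert.
    if openssl verify -CAfile "$ca" "$client" >/dev/null 2>&1; then
        echo "ok   client cert chains to $ca"
    else
        echo "FAIL client cert does not verify against $ca"
        rc=1
    fi

    # 2. Key/cert match: hash the SubjectPublicKeyInfo from both sides and compare.
    #    openssl pkey handles RSA and EC keys alike.
    cert_pub=$(openssl x509 -in "$client" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok   private key matches client cert"
    else
        echo "FAIL private key does not match client cert"
        rc=1
    fi

    # 3. Permissions: GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$mode" in
        600|400) echo "ok   key mode is $mode" ;;
        *)       echo "FAIL key mode is $mode (expected 600)"; rc=1 ;;
    esac

    return $rc
}

# Usage against the default AnyConnect locations written by process-pfx.sh:
#   verify_anyconnect_certs "$HOME/.cisco/certificates/ca/ca.pem" \
#       "$HOME/.cisco/certificates/client/personal.pem" \
#       "$HOME/.cisco/certificates/client/private/personal.key"
```

A chain failure usually means the PFX carried an intermediate rather than the root, and `openssl x509` kept only the first CA certificate; a key mismatch usually means the bundle held more than one client certificate.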