Skip to content
/ pfx-to-apache-ssl Public

The bash script to clean up the .PFX certificates and private keys and package them into a apache format zip file

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rkruk/pfx-to-apache-ssl

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
certificate-export.sh
certificate-export.sh
 
 

Repository files navigation

About

This bash script extracts the private key, certificate, and chain certificates from a .pfx file, removes any unnecessary metadata (such as Bag Attributes), and then packages the cleaned certificates and keys into a ZIP file (files are prepared in the apache format) for installation on the linux servers.

It is designed to facilitate the export of SSL certificates, private keys, and intermediate certificates for a specified domain.

How the Script Works:

Input:

The script prompts the user for two inputs:
Domain Name: The domain associated with the certificate (e.g., example.com).
PFX Password: The password for the .pfx file that contains the private key, certificate, and chain certificates.

Extracting the Components:

The script uses openssl commands to extract three components from the .pfx file:

  • Private Key: Extracted using the -nocerts option to avoid pulling in certificates.
  • Certificate (Public Key): Extracted using the -clcerts option to include only the end-entity certificate, excluding the CA certificates.
  • Chain Certificates (Intermediate Certificates): Extracted using the -cacerts option to include all intermediate certificates in the chain.

Each of these components is cleaned using the awk command to strip away unwanted metadata like Bag Attributes, localKeyID, and friendlyName which may appear in the .pem format.

Saving Files:
The cleaned certificates and keys are saved in separate files:

  • example_com_private_key.pem (Private Key)
  • example_com_certificate.pem (Public Certificate)
  • example_com_chain_certs.pem (Intermediate Certificates)

Creating a Folder:
The script creates a directory named example_com_ssl_cert_pack to store the extracted files.

Packaging: The three PEM files are moved into the newly created directory.
The directory is then zipped into a file named example_com_ssl_cert_pack.zip.

Cleanup:
The script removes the temporary directory (example_com_ssl_cert_pack) after zipping it, leaving only the ZIP file as output.

Usage:
Make the script executable:

chmod +x certificate-export.sh

Run the script:

./certificate-export.sh

Follow the prompts:

The script will ask you to input the domain name and PFX password.

Output:
After running, you will receive a ZIP file named example_com_ssl_cert_pack.zip containing the following files:

  • example_com_private_key.pem (Private key)
  • example_com_certificate.pem (SSL certificate)
  • example_com_chain_certs.pem (Intermediate certificates)

Dependencies:
The script requires openssl and awk to extract and clean the PEM files.
It works with .pfx files that contain the private key, SSL certificate, and chain certificates.

Example:
Run the script:

bash certificate-export.sh

Enter the domain name: example.com and the PFX password. The script extracts the necessary files, cleans them from metadata, and produces the following ZIP file: example_com_ssl_cert_pack.zip.
This script simplifies the process of preparing SSL certificates for server installation and can be used by administrators to easily export and send certificates to hosting providers or other administrators.

About

The bash script to clean up the .PFX certificates and private keys and package them into a apache format zip file

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages