Wednesday, March 18th, 2009 | Author:

[edit] So much for that. It turns out that openssl is able to determine that the key and certificate are already in a single file. Therefore, no csplitting required (ভাল, I hope somebody reading this at least learned about how nice csplit is). In fact, the whole script might as well be obsoleteblaargh. Well, at least it gives a nice warning about not giving a blank passphrase. 😀

Here’s the new version:

pem2pfxconverts a .pem-formatted file containing a private key and signed certificate into a Windows-compatible .pfx certificate file.

#!/bin/bash
#pem2pfx
#v0.2
#Tricky - brendan@swiftspirit.co.za
# Converts a .pem certificate file to .pfx format
# $1 is the source file
set -e
 
if [ $# = 1 ]; then
  outputfile=`echo $1 | sed 's/.pem$/.pfx/'`
 
  echo "Please specify a password below. Windows refuses to import a .pfx certificate with a blank password."
  openssl pkcs12 -export -out $outputfile -মধ্যে $1
 
 else
  echo "pem2pfx - converts a .pem formatted private-key and certificate file to an IIS-compatible .pfx file."
  echo "Usage: pem2pfx inputfile.pem"
fi

Old Version:

I’ve had many occasions where an ssl certificate needs to be exported from one system and re-imported to another. Finally, after scouring the Internet and finding that there isn’t any one-line way to convert a certificate from .pem format (as given by Plesk on Linux) to .pfx format (the way IIS likes it), I’ve made the following bash script:

pem2pfxconverts a .pem-formatted file containing a private key and signed certificate into an IIS-compatible .pfx certificate file.

#!/bin/bash
#pem2pfx
#v0.1
#Tricky - brendan@swiftspirit.co.za
# Converts a plesk-produced .pem certificate file to .pfx format
# $1 is the source file
set -e
 
FIXEDRAND=$RANDOM.$$
 
if [ $# = 1 ]; then
  outputfile=`echo $1 | sed 's/.pem$/.pfx/'`
 
  csplit -f $FIXEDRAND.parts $1 /-----BEGIN/ {*} 2>&1 > /dev/null
set +e
  for i মধ্যে $FIXEDRAND.parts* ; do
   grep '-----BEGIN CERTIFICATE-----' $i 2>&1 > /dev/null && cp $i $FIXEDRAND.crt
   grep '-----BEGIN RSA PRIVATE KEY-----' $i 2>&1 > /dev/null && cp $i $FIXEDRAND.key
  done
set -e
 
  echo "Please specify a password below. IIS refuses to load a .pfx with a blank password."
  openssl pkcs12 -export -out $outputfile -inkey $FIXEDRAND.key -মধ্যে $FIXEDRAND.crt
  #Cleanup
  rm $FIXEDRAND.*
 
 else
  echo "pem2pfx - converts a .pem formatted private-key and certificate file to an IIS-compatible .pfx file."
  echo "Usage: pem2pfx inputfile.pem"
fi
ভাগ
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, বা trackback from your own site.

4 Responses

  1. 1
    Craig 

    Neeto! Pastebin it!

  2. 2
    Craig 

    Where all the older scripts, they literally just disappeared before my eyes?

  3. 3
    Tricky 

    Lol. They’ll be like Pokemon. A new page for them all. 😉

  4. 4
    Lukasz 

    This page save my time ! Thanks

    I have one suggestionplease add to the script a text info, how to generate pem file from two independent files.

Leave a Reply » Log in