I am trying to convert a p12 to a pem from a shell script without any user input.
I can have the password as a variable within the script.
so when I call:
openssl pkcs12 -in *.p12 -out cert.pem -nodes
The terminal prints "Enter Import Password:" and waits for input.
I tried to pipe the password in with:
echo $PASS | openssl pkcs12 -in *.p12 -out cert.pem -nodes
as well as trying to use a flag with the openssl command but can't figure out how to do this.
This one liner worked for me-
openssl pkcs12 -in certificate.p12 -password pass:<your_password> -nodes | openssl x509 -noout -enddate
Related
I have a bash command like this
openssl pkcs12 -export -out ~/certificate.pfx -inkey /etc/letsencrypt/live/exapmle.com/privkey.pem -in /etc/letsencrypt/live/exapmle.com/cert.pem -certfile /etc/letsencrypt/live/exapmle.com/chain.pem
and now I'll be asked to enter a password to encrypt the .pfx file. So is there any way to set a password from command line to don't doing this operation manually every time?
Resulting command is
openssl pkcs12 -password pass:your_password -export -out ~/certificate.pfx -inkey /etc/letsencrypt/live/exapmle.com/privkey.pem -in /etc/letsencrypt/live/exapmle.com/cert.pem -certfile /etc/letsencrypt/live/exapmle.com/chain.pem
script.sh
certKey=$(openssl rand -hex 70)
openssl pkcs12 -export -out fullchain.p12 --passin pass:$certKey -inkey .../privkey.pem -in .../fullchain.pem
I when calling this script the certKey is not passed in, and system asks me for the pkcs12 password. But I am clearly trying to pass $certKey in.
openssl Documention
"-passin arg
The PKCS#12 file (i.e. input file) password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1)."
What am I missing? Thanks!
Should be -passout
openssl pkcs12 -export -out fullchain.p12 -passout pass:$certKey -inkey .../privkey.pem -in .../fullchain.pem
I have to create a shell-script that can decrypt a RSA key file that is encrypted with a specific .pem file. And then to decrypt zip file with the AES key which I get from the RSA file once it is decrypted in a file named keyaes (or whatever you want).
Here are the two commands I have to use
openssl rsautl -decrypt -in AES_KEY -inkey CERTIFICATE.pem -out keyaes
openssl enc -d -aes-256-cbc -in zipfile.zip -out extraction.zip -nosalt -p -K RSA_KEY_from_key_aes_output -iv 0
The commands work perfectly, the problem is in my script I don't know how to make it automatically and to get the key from the keyaes output and put it into the next command properly.
How can I do it ?
you could just use bash command substitution in the second command, using backticks
openssl enc -d -aes-256-cbc -in zipfile.zip -out extraction.zip -nosalt -p -K `cat output_filename_with_aes_key` -iv 0
Is there a way to run the following shell commands only on ruby?
I searched for weeks but I'm afraid it's not very well documented. I've tried a few methods from Ruby 'openssl' but I get different results.
%x[openssl pkcs8 -inform DER -in key.key -passin pass:passcode -out key.pem]
%x[openssl x509 -inform DER -in certificate.cer -noout -serial > serial.txt]
%x[openssl dgst -sha256 -out sign.bin -sign key.pem serial.txt]
%x[openssl enc -in sign.bin -a -A -out stamp.txt]
I would like some help with the openssl command. I need to automate the retrieval of the subject= line in a pkcs12 certificate for a script I'm working on.
I've used openssl to view the contents of the Identity/Certificate:
openssl pkcs12 -info -in /Users/[user]/Desktop/ID.pfx
But I am prompted three times for the password. I used -passin to eliminate one of the password prompts, but I am still being prompted for the PEM pass phrase and verification entry.
I need to figure out a way to pass ${password} to the other two password challenges or have the scrip issue a ctl-c. The piece of info I need is outputted to the stdout before the second password prompt.
Any help would be appreciated!
Obviously I gutted the certificate output for this post.... but you should get the idea of what I'm seeing:
bash-3.2# openssl pkcs12 -info -in /Users/[user]/Desktop/ID.pfx -passin pass:${password}
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
localKeyID: ****
friendlyName: ****
subject=****
issuer=****
-----BEGIN CERTIFICATE-----
::HASH REMOVED::
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: ****
Bag Attributes
localKeyID: ****
friendlyName: ****
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info:
::HASH REMOVED::
-----END RSA PRIVATE KEY-----
bash-3.2#
Try this:
$ openssl pkcs12 -in ~/cert.p12 -nodes \
-passin pass:"my password" | openssl x509 -noout -subject
Or this for the common name (ruby to strip trailing whitespace):
$ openssl pkcs12 -in ~/cert.p12 -nodes \
-passin pass:"my password" | openssl x509 -noout -subject \
| awk -F'[=/]' '{print $6}'`.strip`
Copying answer here in order to remove this question from the "Unanswered" filter:
openssl pkcs12 -nokeys -in /Users/[User]/Desktop/ID.pfx -passin pass:${password}
You could also use -passin and -passout which would not prompt you again for manual input. Here is a sample code:
openssl pkcs12 -in seldpush_dev.p12 -passin pass:$password -passout pass:$password | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \
openssl x509 -subject -noout
Basically, use -keyword to fetch that value. In your case, -subject.
This is a few years late; I'm not familiar with openssl, & etc; but since I see no reference to "-nokeys" I'll give what works for me.
echo -e "$password\n$passphrase\n$passphrase\n" \
| openssl pkcs12 -in /Users/[user]/Desktop/ID.pfx -passin stdin -passout stdin
from manpage
stdin read the password from standard input.