Last active
August 15, 2022 10:24
SSL/TLS certificates with traefik
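#!/bin/bash
# Extract the certificate and private key from a PKCS#12 (.pfx) bundle so they
# can be used to configure TLS endpoints (for example in traefik).
#
# Usage:   <script> <file.pfx>
# Input:   the import password is read interactively (not echoed).
# Outputs, named after the input file without its extension:
#   <name>.key_pw  private key, still encrypted with the import password
#   <name>.crt     client certificate
#   <name>.key     private key WITHOUT a passphrase -- handle as a secret
set -euo pipefail

# Create every output owner-only from the first byte written; relying on a
# chmod afterwards leaves a window in which the key has the default mode.
umask 077

if [ -z "${1:-}" ]
then
  echo "Extract certificate and private key from pfx file for configuring TLS endpoints" >&2
  echo "Please provide pfx file as first argument" >&2
  exit 1
fi

DOMAIN=${1%.*}

# Read the file that was actually named on the command line. Fall back to
# "<name>.pfx" so that passing the bare name keeps working as before.
PFX=$1
if [ ! -f "$PFX" ] && [ -f "$DOMAIN.pfx" ]
then
  PFX="$DOMAIN.pfx"
fi
if [ ! -r "$PFX" ]
then
  echo "Cannot read pfx file: $PFX" >&2
  exit 1
fi

# -s keeps the password off the terminal (and out of scrollback/recordings);
# -r stops backslashes in the password from being interpreted by read.
read -r -s -p "Please enter import password: " PASS
echo >&2

echo "Extracting certificates for $DOMAIN ..."
openssl version

# The password is handed to openssl through the environment (env:PASS) rather
# than on the command line, so it does not show up in the process list.
echo "Extracting private key..."
PASS="$PASS" openssl pkcs12 -in "$PFX" -nocerts -out "$DOMAIN.key_pw" -passin env:PASS -passout env:PASS
# chmod is kept on purpose: umask does not tighten the mode of an output file
# that already existed before this run.
chmod 600 "$DOMAIN.key_pw"

echo "Extracting certificate..."
PASS="$PASS" openssl pkcs12 -in "$PFX" -clcerts -nokeys -out "$DOMAIN.crt" -passin env:PASS
chmod 600 "$DOMAIN.crt"

# currently traefik is not able to handle encrypted private keys
# so we remove the password here
# see https://github.com/containous/traefik/issues/1262
# The resulting file is protected by file permissions only.
# NOTE(review): "openssl rsa" only handles RSA keys.
echo "Writing passwordless key ..."
PASS="$PASS" openssl rsa -in "$DOMAIN.key_pw" -out "$DOMAIN.key" -passin env:PASS
chmod 600 "$DOMAIN.key"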
Change line 9 to : DOMAIN=${1%.*}