huynhbaoan · July 25, 2025 08:08
diff --git a/gistfile1.txt b/gistfile1.txt
 #!/bin/bash

 # Input PKCS#12 file
 P12_FILE="$1"

 if [[ ! -f "$P12_FILE" ]]; then
    echo "❌ Usage: $0 site.p12"
    exit 1
 fi

 # Remove extension to get sitename
 BASENAME=$(basename "$P12_FILE" .p12)

 echo "🔐 Extracting from: $P12_FILE"
 echo "📁 Output base name: $BASENAME"

 # 1. Extract encrypted private key
 openssl pkcs12 -in "$P12_FILE" -nocerts -out "$BASENAME.encrypted.key"

 # 2. Decrypt private key to PKCS#1
 openssl rsa -in "$BASENAME.encrypted.key" -out "$BASENAME.key"

 # 3. Extract raw site/leaf certificate (with Bag Attributes)
 openssl pkcs12 -in "$P12_FILE" -clcerts -nokeys -out "$BASENAME.site.raw.crt"

 # 4. Extract raw intermediate chain certs (with Bag Attributes)
 openssl pkcs12 -in "$P12_FILE" -cacerts -nokeys -out "$BASENAME.chain.raw.crt"

 # 5. Clean Bag Attributes from site cert
 sed '/^Bag Attributes/d;/^ *localKeyID/d;/^ *friendlyName/d' "$BASENAME.site.raw.crt" > "$BASENAME.site.crt"

 # 6. Clean Bag Attributes from chain cert
 sed '/^Bag Attributes/d;/^ *localKeyID/d;/^ *friendlyName/d' "$BASENAME.chain.raw.crt" > "$BASENAME.chain.crt"

 # 7. Combine site and chain (cleaned) into leafchain
 cat "$BASENAME.site.crt" "$BASENAME.chain.crt" > "$BASENAME.leafchain.crt"

 # 8. Cleanup encrypted key
 rm -f "$BASENAME.encrypted.key"

 echo "✅ Extraction complete. Files created:"
 echo " - Private Key         : $BASENAME.key"
 echo " - Raw Site Cert       : $BASENAME.site.raw.crt"
 echo " - Clean Site Cert     : $BASENAME.site.crt"
 echo " - Raw Chain Cert      : $BASENAME.chain.raw.crt"
 echo " - Clean Chain Cert    : $BASENAME.chain.crt"
 echo " - Leaf+Chain Combined : $BASENAME.leafchain.crt"
	#!/bin/bash

	# Input PKCS#12 file
	P12_FILE="$1"

	if [[ ! -f "$P12_FILE" ]]; then
	echo "❌ Usage: $0 site.p12"
	exit 1
	fi

	# Remove extension to get sitename
	BASENAME=$(basename "$P12_FILE" .p12)

	echo "🔐 Extracting from: $P12_FILE"
	echo "📁 Output base name: $BASENAME"

	# 1. Extract encrypted private key
	openssl pkcs12 -in "$P12_FILE" -nocerts -out "$BASENAME.encrypted.key"

	# 2. Decrypt private key to PKCS#1
	openssl rsa -in "$BASENAME.encrypted.key" -out "$BASENAME.key"

	# 3. Extract raw site/leaf certificate (with Bag Attributes)
	openssl pkcs12 -in "$P12_FILE" -clcerts -nokeys -out "$BASENAME.site.raw.crt"

	# 4. Extract raw intermediate chain certs (with Bag Attributes)
	openssl pkcs12 -in "$P12_FILE" -cacerts -nokeys -out "$BASENAME.chain.raw.crt"

	# 5. Clean Bag Attributes from site cert
	sed '/^Bag Attributes/d;/^ localKeyID/d;/^ friendlyName/d' "$BASENAME.site.raw.crt" > "$BASENAME.site.crt"

	# 6. Clean Bag Attributes from chain cert
	sed '/^Bag Attributes/d;/^ localKeyID/d;/^ friendlyName/d' "$BASENAME.chain.raw.crt" > "$BASENAME.chain.crt"

	# 7. Combine site and chain (cleaned) into leafchain
	cat "$BASENAME.site.crt" "$BASENAME.chain.crt" > "$BASENAME.leafchain.crt"

	# 8. Cleanup encrypted key
	rm -f "$BASENAME.encrypted.key"

	echo "✅ Extraction complete. Files created:"
	echo " - Private Key : $BASENAME.key"
	echo " - Raw Site Cert : $BASENAME.site.raw.crt"
	echo " - Clean Site Cert : $BASENAME.site.crt"
	echo " - Raw Chain Cert : $BASENAME.chain.raw.crt"
	echo " - Clean Chain Cert : $BASENAME.chain.crt"
	echo " - Leaf+Chain Combined : $BASENAME.leafchain.crt"