Created
July 25, 2025 08:08
-
-
Save huynhbaoan/f45278ebc29deffadf60c84141de36be to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Input PKCS#12 file | |
P12_FILE="$1" | |
if [[ ! -f "$P12_FILE" ]]; then | |
echo "β Usage: $0 site.p12" | |
exit 1 | |
fi | |
# Remove extension to get sitename | |
BASENAME=$(basename "$P12_FILE" .p12) | |
echo "π Extracting from: $P12_FILE" | |
echo "π Output base name: $BASENAME" | |
# 1. Extract encrypted private key | |
openssl pkcs12 -in "$P12_FILE" -nocerts -out "$BASENAME.encrypted.key" | |
# 2. Decrypt private key to PKCS#1 | |
openssl rsa -in "$BASENAME.encrypted.key" -out "$BASENAME.key" | |
# 3. Extract raw site/leaf certificate (with Bag Attributes) | |
openssl pkcs12 -in "$P12_FILE" -clcerts -nokeys -out "$BASENAME.site.raw.crt" | |
# 4. Extract raw intermediate chain certs (with Bag Attributes) | |
openssl pkcs12 -in "$P12_FILE" -cacerts -nokeys -out "$BASENAME.chain.raw.crt" | |
# 5. Clean Bag Attributes from site cert | |
sed '/^Bag Attributes/d;/^ *localKeyID/d;/^ *friendlyName/d' "$BASENAME.site.raw.crt" > "$BASENAME.site.crt" | |
# 6. Clean Bag Attributes from chain cert | |
sed '/^Bag Attributes/d;/^ *localKeyID/d;/^ *friendlyName/d' "$BASENAME.chain.raw.crt" > "$BASENAME.chain.crt" | |
# 7. Combine site and chain (cleaned) into leafchain | |
cat "$BASENAME.site.crt" "$BASENAME.chain.crt" > "$BASENAME.leafchain.crt" | |
# 8. Cleanup encrypted key | |
rm -f "$BASENAME.encrypted.key" | |
echo "β Extraction complete. Files created:" | |
echo " - Private Key : $BASENAME.key" | |
echo " - Raw Site Cert : $BASENAME.site.raw.crt" | |
echo " - Clean Site Cert : $BASENAME.site.crt" | |
echo " - Raw Chain Cert : $BASENAME.chain.raw.crt" | |
echo " - Clean Chain Cert : $BASENAME.chain.crt" | |
echo " - Leaf+Chain Combined : $BASENAME.leafchain.crt" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment