Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save huynhbaoan/f45278ebc29deffadf60c84141de36be to your computer and use it in GitHub Desktop.
Save huynhbaoan/f45278ebc29deffadf60c84141de36be to your computer and use it in GitHub Desktop.
#!/bin/bash
# Input PKCS#12 file
P12_FILE="$1"
if [[ ! -f "$P12_FILE" ]]; then
echo "❌ Usage: $0 site.p12"
exit 1
fi
# Remove extension to get sitename
BASENAME=$(basename "$P12_FILE" .p12)
echo "πŸ” Extracting from: $P12_FILE"
echo "πŸ“ Output base name: $BASENAME"
# 1. Extract encrypted private key
openssl pkcs12 -in "$P12_FILE" -nocerts -out "$BASENAME.encrypted.key"
# 2. Decrypt private key to PKCS#1
openssl rsa -in "$BASENAME.encrypted.key" -out "$BASENAME.key"
# 3. Extract raw site/leaf certificate (with Bag Attributes)
openssl pkcs12 -in "$P12_FILE" -clcerts -nokeys -out "$BASENAME.site.raw.crt"
# 4. Extract raw intermediate chain certs (with Bag Attributes)
openssl pkcs12 -in "$P12_FILE" -cacerts -nokeys -out "$BASENAME.chain.raw.crt"
# 5. Clean Bag Attributes from site cert
sed '/^Bag Attributes/d;/^ *localKeyID/d;/^ *friendlyName/d' "$BASENAME.site.raw.crt" > "$BASENAME.site.crt"
# 6. Clean Bag Attributes from chain cert
sed '/^Bag Attributes/d;/^ *localKeyID/d;/^ *friendlyName/d' "$BASENAME.chain.raw.crt" > "$BASENAME.chain.crt"
# 7. Combine site and chain (cleaned) into leafchain
cat "$BASENAME.site.crt" "$BASENAME.chain.crt" > "$BASENAME.leafchain.crt"
# 8. Cleanup encrypted key
rm -f "$BASENAME.encrypted.key"
echo "βœ… Extraction complete. Files created:"
echo " - Private Key : $BASENAME.key"
echo " - Raw Site Cert : $BASENAME.site.raw.crt"
echo " - Clean Site Cert : $BASENAME.site.crt"
echo " - Raw Chain Cert : $BASENAME.chain.raw.crt"
echo " - Clean Chain Cert : $BASENAME.chain.crt"
echo " - Leaf+Chain Combined : $BASENAME.leafchain.crt"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment