Created
April 3, 2019 17:18
PFX/PKCS12 SSH Certificate renewal preparation from DER
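#!/bin/sh
# Scenario: an issuer reissues a renewed certificate in DER/X.509 format, but
# you need it in PFX/PKCS12 format (perhaps for use in Windows PowerShell
# scripts). This is a quick sequence to perform the conversion and sanity-check
# the result.
#
# Inputs (current directory):
#   old_about_to_expire.pfx            - existing PFX holding the private key
#   renewed_certificate_as_issued.der  - renewed certificate from the issuer
# Environment:
#   PFX_PASSWORD - export password for the new PFX. It is taken from the
#                  environment so it never appears on a command line (argv is
#                  visible in `ps` output and is saved in shell history).
# Outputs:
#   extracted_private_key.pem, renewed_certificate.pem,
#   rewnewed_full_certificate.pfx

# Stop at the first failing step so a bad key extraction or a malformed
# certificate is never packaged into the new PFX.
set -eu

# Key material is written below; keep every created file owner-only.
umask 077

: "${PFX_PASSWORD:?set PFX_PASSWORD to the export password for the new PFX}"
export PFX_PASSWORD

old_pfx=old_about_to_expire.pfx
issued_der=renewed_certificate_as_issued.der
key_pem=extracted_private_key.pem
cert_pem=renewed_certificate.pem
new_pfx=rewnewed_full_certificate.pfx

# Extract the private key embedded in the (soon to expire) PFX.
# openssl prompts for the old PFX import password and then for a PEM pass
# phrase; because no -nodes/-noenc is given, the key is written encrypted.
openssl pkcs12 -in "$old_pfx" -nocerts -out "$key_pem"

# Sanity-check the incoming renewed cert: full text minus the long hex dumps
# (modulus, signature), then just the validity window and the subject.
openssl x509 -inform der -in "$issued_der" -noout -text |
  grep -v '\([a-z0-9]\{2\}:\)\{10,\}'
openssl x509 -inform der -in "$issued_der" -noout -text |
  grep -E 'Validity|Subject:|Not '

# Convert the incoming renewed cert to PEM format.
openssl x509 -inform der -in "$issued_der" -out "$cert_pem"

# Combine the old key and the renewed cert into the new PFX. openssl prompts
# for the PEM pass phrase chosen above; the export fails if the renewed
# certificate does not match the extracted private key.
openssl pkcs12 -export -out "$new_pfx" -inkey "$key_pem" -in "$cert_pem" \
  -passout env:PFX_PASSWORD

# Sanity-check the fully converted and combined PFX.
ls -lF "$new_pfx"
openssl pkcs12 -in "$new_pfx" -noout -info -passin env:PFX_PASSWORD

# End-to-end check against the issuer API using the new client certificate.
# - No -k: server certificate verification stays on. If the endpoint is
#   signed by a private CA, add --cacert <ca_bundle.pem> instead of disabling
#   verification.
# - --cert-type P12 states the container format explicitly instead of relying
#   on curl's default.
# - The password goes to curl through a config read from stdin, not argv.
#   NOTE: inside the quoted config value, '"' and '\' are special to curl's
#   config parser; a password containing them must be escaped.
curl -v --cert-type P12 --cert "$new_pfx" --config - \
  -X GET "https://api.issuerdomain.tld/restful/catalog/" <<EOF
pass = "$PFX_PASSWORD"
EOF

# The extracted key stays on disk after this script finishes; delete
# extracted_private_key.pem once the new PFX is verified, and unset
# PFX_PASSWORD in the calling shell.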