Shell script to extract certificate and key files suitable for nginx from a PFX file.

extract-pfx.sh

#!/bin/bash
set -e

if [ "$#" -ne 1 ]; then
    echo "Usage: $0 filename.pfx" >&2
    exit 1;
fi

if [ ! -e "$1" ]; then
    echo "File not found: $1" >&2
    exit 1;
fi

filename=$(basename "$1")
extension="${filename##*.}"
filename="${filename%.*}"

echo -n "Please enter the export password of the PFX file: "
read -s pfxpass

echo

#extract private key
openssl pkcs12 -in "$1" -nocerts -out keyfile-encrypted.key -passin pass:$pfxpass -passout pass:1234 > /dev/null

#decrypt private key
openssl rsa -in keyfile-encrypted.key -out "$filename.key" -passin pass:1234 > /dev/null

#delete encrypted private key
rm keyfile-encrypted.key

#extract certificate
openssl pkcs12 -in "$1" -clcerts -nokeys -out "$filename.crt" -passin pass:$pfxpass > /dev/null

echo "Done."
echo "Now move $filename.crt to /etc/ssl/certs/"
echo "     and $filename.key to /etc/ssl/private/"


while true; do
    read -p "I can do this for you. Shall I? " yn
    case $yn in
        [Yy]* ) mv "$filename.crt" /etc/ssl/certs/; mv "$filename.key" /etc/ssl/private/; break;;
        [Nn]* ) exit;;
        * ) echo "Please answer yes or no.";;
    esac
done