Last active
July 25, 2025 08:06
-
-
Save huynhbaoan/3d571bf8541df8d775af9a9e2378f55a to your computer and use it in GitHub Desktop.
Pkcs12 extraction
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Input PKCS#12 file | |
| P12_FILE="$1" | |
| if [[ ! -f "$P12_FILE" ]]; then | |
| echo "β Usage: $0 site.p12" | |
| exit 1 | |
| fi | |
| # Remove extension to get sitename | |
| BASENAME=$(basename "$P12_FILE" .p12) | |
| echo "π Extracting from: $P12_FILE" | |
| echo "π Output base name: $BASENAME" | |
| # 1. Extract encrypted private key | |
| openssl pkcs12 -in "$P12_FILE" -nocerts -out "$BASENAME.encrypted.key" | |
| # 2. Decrypt private key to PKCS#1 | |
| openssl rsa -in "$BASENAME.encrypted.key" -out "$BASENAME.key" | |
| # 3. Extract leaf/site certificate | |
| openssl pkcs12 -in "$P12_FILE" -clcerts -nokeys -out "$BASENAME.site.crt" | |
| # 4. Extract intermediate chain | |
| openssl pkcs12 -in "$P12_FILE" -cacerts -nokeys -chain -out "$BASENAME.chain.crt" | |
| # 5. Combine for fullchain | |
| cat "$BASENAME.site.crt" "$BASENAME.chain.crt" > "$BASENAME.fullchain.crt" | |
| # 6. Cleanup encrypted key | |
| rm -f "$BASENAME.encrypted.key" | |
| echo "β Extraction complete. Files created:" | |
| echo " - Private Key : $BASENAME.key" | |
| echo " - Site Certificate : $BASENAME.site.crt" | |
| echo " - Chain Certificate : $BASENAME.chain.crt" | |
| echo " - Fullchain Cert : $BASENAME.fullchain.crt" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment