Extracting Keys and Certs

I have a problem...

I want all of my internal services to have a valid certificate from my certificate authority. Not a problem, right? Just export the key and certificate to a PFX file. Well, not all of my services will accept a PFX file. They want the raw text pasted in from the respective key and certificate PEM files.

Luckily, I have Windows Subsystem for Linux installed on my Windows computer and can use a couple of OpenSSL commands to extract my PEM files.

# Extracts certificate from pfx file
openssl pkcs12 -in dummy.pfx -nokeys -out dummy-cert.pem

# Extracts key from pfx file (-nodes writes the private key unencrypted)
openssl pkcs12 -in dummy.pfx -nocerts -out dummy-key.pem -nodes

I don't want to take up space in my brain remembering these commands. I also don't want to edit the commands every time I have to do this. So, I'll add the commands to a shell script with a couple variables.

#!/bin/bash

## Extracts certificate and key from an exported pfx file
## Use pfx file as the first argument when calling the script
## If the pfx file is password protected, you will be prompted to enter the password (once for the cert and again for the key)
## Example: extract-from-pfx.sh your-pfx-file.pfx

# Quote the argument so that paths containing spaces still work
base=$(basename "$1" .pfx)

openssl pkcs12 -in "$1" -nokeys -out "$base-cert.pem"
# -nodes writes the private key unencrypted
openssl pkcs12 -in "$1" -nocerts -out "$base-key.pem" -nodes

Easy peasy.
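
A follow-up check for the script above, as an added example that is not part of the original post: it extracts only the leaf certificate and the key as bare PEM blocks (without the "Bag Attributes" text that `openssl pkcs12` writes), creates the files owner-only, and confirms that both files hold the same public key before they are pasted into a service. The function names and the optional password-source argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# extract_pfx PFX [PASSIN]
# Writes <name>-cert.pem and <name>-key.pem into the current directory.
# PASSIN is an optional openssl password source such as env:PFX_PASS;
# when it is omitted openssl prompts for the password (once per file).
extract_pfx() (
    pfx=$1
    base=$(basename "$pfx" .pfx)
    # The key is written unencrypted (-nodes), so create files owner-only.
    umask 077
    # -clcerts leaves out CA certificates stored in the bundle. Piping through
    # x509/pkey drops the "Bag Attributes" text, leaving only the PEM block.
    openssl pkcs12 -in "$pfx" -clcerts -nokeys ${2:+-passin "$2"} |
        openssl x509 -out "$base-cert.pem" || exit 1
    openssl pkcs12 -in "$pfx" -nocerts -nodes ${2:+-passin "$2"} |
        openssl pkey -out "$base-key.pem" || exit 1
)

# pem_pair_matches CERT KEY
# Returns 0 when the certificate and the private key hold the same public
# key, 1 when they differ, 2 when either file cannot be parsed.
pem_pair_matches() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)
```

Run `extract_pfx dummy.pfx` followed by `pem_pair_matches dummy-cert.pem dummy-key.pem`; passing a source such as `env:PFX_PASS` as the second argument avoids the two password prompts.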

Thanks for reading!