]>
Commit | Line | Data |
---|---|---|
6e450839 NE |
1 | #!/bin/sh |
2 | ||
3 | set -e | |
4 | ||
5 | usage() { | |
6 | cat <<EOF | |
7 | Usage: $0 <pkcs12 file> <output directory> | |
8 | ||
9 | Transforms a .p12 file, for instance as exported by Firefox's | |
10 | cerfiticate "backup" feature, into a pair of a PEM certificate file | |
11 | and private key. | |
12 | ||
13 | To export your certificate from Firefox, go to Edit|Preferences, | |
14 | Advanced|Security|View Certificates, and ``Backup'' your certificate | |
15 | to a file. Firefox will save it as a PKCS12 certificate. You must | |
16 | enter a passphrase, which this script will prompt you for. | |
17 | ||
18 | EOF | |
19 | exit 1 | |
20 | } | |
21 | ||
22 | [ "$#" -eq 2 ] || usage | |
23 | ||
24 | pkcs="$1" | |
25 | outdir="$2" | |
26 | ||
27 | echo -n "Password for $pkcs: " | |
28 | stty -echo | |
29 | read pass | |
30 | stty echo | |
31 | echo | |
32 | ||
33 | echo "$pass" | openssl pkcs12 -in "$pkcs" -nodes -out "$outdir"/cert.pem -passin stdin | |
34 | echo "$pass" | openssl pkcs12 -in "$pkcs" -nodes -nocerts -out "$outdir"/privkey.pem -passin stdin | |
35 | ||
36 | cat >&2 <<EOF | |
37 | Certificate written to $outdir/cert.pem | |
38 | Private key written to $outdir/privkey.pem | |
39 | ||
40 | Keep these files safe! | |
41 | ||
42 | You can pass these to wget's --certificate and --private-key options, | |
43 | or to curl's --cert/--key options. | |
44 | ||
45 | To use them with perl's LWP, set the following environment variables: | |
46 | ||
47 | EOF | |
48 | ||
49 | outdir="$(readlink -f "$outdir")" | |
50 | ||
51 | # No, this doesn't handle quoting properly. | |
52 | echo HTTPS_CERT_FILE="$outdir/cert.pem" | |
53 | echo HTTPS_KEY_FILE="$outdir/privkey.pem" | |
54 |