(Actually, it already did, but it also gave you a separate certificate
file.)
It’s more convenient to deal with a single file. Many programs accept
it as the cert file without needing to specify a separate key file.
For other programs, you can just pass the same file as both the cert
file and the key file.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
-Usage: $0 <pkcs12 file> <output directory>
+Usage: $0 <cert.p12> <cert.pem>
Transforms a .p12 file, for instance as exported by Firefox's
Transforms a .p12 file, for instance as exported by Firefox's
-cerfiticate "backup" feature, into a pair of a PEM certificate file
-and private key.
+cerfiticate "backup" feature, into a PEM file that contains your
+private key and certificate.
To export your certificate from Firefox, go to Edit|Preferences,
Advanced|Security|View Certificates, and ``Backup'' your certificate
To export your certificate from Firefox, go to Edit|Preferences,
Advanced|Security|View Certificates, and ``Backup'' your certificate
[ "$#" -eq 2 ] || usage
pkcs="$1"
[ "$#" -eq 2 ] || usage
pkcs="$1"
-echo -n "Password for $pkcs: "
-stty -echo
-read pass
-stty echo
-echo
-
-echo "$pass" | openssl pkcs12 -in "$pkcs" -nodes -out "$outdir"/cert.pem -passin stdin
-echo "$pass" | openssl pkcs12 -in "$pkcs" -nodes -nocerts -out "$outdir"/privkey.pem -passin stdin
+openssl pkcs12 -in "$pkcs" -nodes -out "$pem"
-Certificate written to $outdir/cert.pem
-Private key written to $outdir/privkey.pem
+Private key and certificate written to $pem
-You can pass these to wget's --certificate and --private-key options,
-or to curl's --cert/--key options.
+You can pass this to wget's --certificate and --private-key options,
+or to curl's --cert option.
-To use them with perl's LWP, set the following environment variables:
+To use it with perl's LWP, set the following environment variables:
-outdir="$(readlink -f "$outdir")"
-
# No, this doesn't handle quoting properly.
# No, this doesn't handle quoting properly.
-echo HTTPS_CERT_FILE="$outdir/cert.pem"
-echo HTTPS_KEY_FILE="$outdir/privkey.pem"
+echo HTTPS_CERT_FILE="$pem"
+echo HTTPS_KEY_FILE="$pem"