Doing repetitive tasks is always boring, and for a system administrator they come up very often. Almost every month I have to perform tasks involving keystores and certificates in one environment or another.
So to ease it up, I have written a shell script that does it for me. It is written based on my needs. Anyone can use it as it is or modify it based on their requirements.
This is the first version and has not been tested much, so you may hit hiccups when using it. Do let me know about them and I will fix them. I will also keep updating it based on the feedback I get from my team.
What does this script do?
This script performs the following operations:
- To convert certificate into pem
- To convert certificate into p12
- To import certificate into keystore
- To export certificate from keystore
- To delete certificate from keystore
#!/bin/bash

echo "============================================"
echo "Press 1: To convert certificate into pem"
echo "Press 2: To convert certificate into p12"
echo "Press 3: To import certificate into keystore"
echo "Press 4: To export certificate from keystore"
echo "Press 5: To delete certificate from keystore"
echo "============================================"
echo "Enter your choice (1-5)"
read -r input

## Convert a certificate ($1 = file name, $2 = directory) into <name>.pem.
## Sets result=5 when the file extension is not supported.
convert_cert() {
    filename=$1
    path=$2

    ## Extract input file extension and base name (only the last suffix is stripped)
    ext=${filename##*.}
    name=${filename%.*}

    if [ "$ext" = 'p7b' ] || [ "$ext" = 'pem' ] || [ "$ext" = 'cer' ] || [ "$ext" = 'crt' ] || [ "$ext" = 'der' ]
    then
        ## Check if file exists
        echo "File to convert is at $path/$filename"
        if [ ! -f "$path/$filename" ]
        then
            echo "File not found!!"
            exit 1
        fi

        ## Convert file into pem
        echo "Converting into pem..."
        echo "Extension of the file is $ext"
        if [ "$ext" = 'cer' ] || [ "$ext" = 'der' ] || [ "$ext" = 'crt' ]; then
            ## Try DER first; a file that does not parse as DER is assumed to be Base64 (PEM) already
            if openssl x509 -in "$path/$filename" -inform der -noout &> /dev/null; then
                openssl x509 -in "$path/$filename" -inform der -out "$path/$name.pem"
                ## Remove blank lines and subject/issuer lines from the output
                sed -i -e '/^$/d' -e '/^subject/d' -e '/^issuer/d' "$path/$name.pem"
                echo "$name.pem generated!!"
            else
                cp "$path/$filename" "$path/$name.pem"
                echo "$name.pem generated!!"
            fi
        elif [ "$ext" = 'p7b' ]; then
            ## A p7b bundle can be DER or Base64 encoded; try DER first
            if openssl pkcs7 -in "$path/$filename" -inform der -noout &> /dev/null; then
                openssl pkcs7 -print_certs -in "$path/$filename" -inform der -out "$path/$name.pem"
            else
                openssl pkcs7 -print_certs -in "$path/$filename" -out "$path/$name.pem"
            fi
            ## Remove blank lines and the subject/issuer lines that -print_certs adds
            sed -i -e '/^$/d' -e '/^subject/d' -e '/^issuer/d' "$path/$name.pem"
            echo "$name.pem generated!!"
        else
            echo "This certificate is already in .pem format"
        fi
    else
        echo "Please provide a certificate in .p7b or .cer or .crt or .der"
        result=5
    fi
}

if [ "$input" = 1 ]
then
    echo "Enter file name"
    read -r filename
    echo "Enter path"
    read -r path
    convert_cert "$filename" "$path"
elif [ "$input" = 2 ]; then
    echo "Enter location of key & certificate"
    read -r path
    echo "Enter certificate file name"
    read -r filename
    name=${filename%.*}
    echo "Enter key file name"
    read -r keyfilename
    ## This value is read but not passed to openssl, which prompts for the export password itself
    echo "Enter Passphrase/Password"
    read -r passphrase
    if [ ! -f "$path/$keyfilename" ]
    then
        echo "$keyfilename not found!!"
        exit 1
    fi
    result=1
    convert_cert "$filename" "$path" > /dev/null
    if [ "$result" = 5 ]; then
        echo "Please provide a certificate in .p7b or .cer or .crt or .der"
        exit 1
    fi
    echo "Generating p12 file $result"
    echo "openssl pkcs12 -export -in $path/$name.pem -inkey $path/$keyfilename -out $path/$name.p12"
    openssl pkcs12 -export -in "$path/$name.pem" -inkey "$path/$keyfilename" -out "$path/$name.p12"
elif [ "$input" = 3 ]; then
    echo "Enter location of certificate"
    read -r path
    echo "Enter certificate file name"
    read -r filename
    echo "Enter alias name for the certificate"
    read -r alias
    echo "Enter location of keystore"
    read -r kpath
    echo "Enter keystore file name"
    read -r kfilename
    echo "Enter keystore password"
    read -r kpswd
    if [ ! -f "$path/$filename" ]
    then
        echo "$filename not found!!"
        exit 1
    fi
    if [ ! -f "$kpath/$kfilename" ]
    then
        echo "$kfilename not found!!"
        exit 1
    fi
    result=1
    convert_cert "$filename" "$path" > /dev/null
    if [ "$result" = 5 ]; then
        echo "Please provide a certificate in .p7b or .cer or .crt or .der"
        exit 1
    fi
    echo "Importing certificate into keystore"
    ## The echoed command masks the keystore password so it does not land in terminal scrollback or logs
    echo "keytool -importcert -alias $alias -file $path/$filename -keystore $kpath/$kfilename -storepass ********"
    keytool -importcert -alias "$alias" -file "$path/$filename" -keystore "$kpath/$kfilename" -storepass "$kpswd"
elif [ "$input" = 4 ]; then
    echo "Enter location for exported certificate"
    read -r path
    echo "Enter certificate file name for the exported certificate"
    read -r filename
    echo "Enter alias name of the certificate to be exported"
    read -r alias
    echo "Enter location of keystore"
    read -r kpath
    echo "Enter keystore file name"
    read -r kfilename
    echo "Enter keystore password"
    read -r kpswd
    if [ ! -f "$kpath/$kfilename" ]
    then
        echo "$kfilename not found!!"
        exit 1
    fi
    echo "Exporting certificate from keystore"
    echo "keytool -exportcert -alias $alias -file $path/$filename.cer -keystore $kpath/$kfilename -storepass ********"
    keytool -exportcert -alias "$alias" -file "$path/$filename.cer" -keystore "$kpath/$kfilename" -storepass "$kpswd"
elif [ "$input" = 5 ]; then
    echo "Enter alias name of the certificate to be deleted"
    read -r alias
    echo "Enter location of keystore"
    read -r kpath
    echo "Enter keystore file name"
    read -r kfilename
    echo "Enter keystore password"
    read -r kpswd
    if [ ! -f "$kpath/$kfilename" ]
    then
        echo "$kfilename not found!!"
        exit 1
    fi
    echo "Deleting $alias certificate from keystore"
    echo "keytool -delete -alias $alias -keystore $kpath/$kfilename -storepass ********"
    keytool -delete -alias "$alias" -keystore "$kpath/$kfilename" -storepass "$kpswd"
else
    echo "Incorrect choice!!"
fi
Save it as certificate.sh and give the required permission to the file:
$ chmod a+x certificate.sh
Now let's do the test run :)
Test 1:- Convert Base64Encoded certificate
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
1
Enter file name
Base64Encoded.cer
Enter path
.
File to convert is at ./Base64Encoded.cer
Converting into pem...
Extension of the file is cer
Base64Encoded.pem generated!!
Test 2:- Convert DER Encoded certificate
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
1
Enter file name
DEREncoded.cer
Enter path
.
File to convert is at ./DEREncoded.cer
Converting into pem...
Extension of the file is cer
DEREncoded.pem generated!!
Test 3:- Convert p7b Encoded certificate
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
1
Enter file name
p7bEncoded.p7b
Enter path
.
File to convert is at ./p7bEncoded.p7b
Converting into pem...
Extension of the file is p7b
p7bEncoded.pem generated!!
Test 4:- Convert certificate into p12
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
2
Enter location of key & certificate
.
Enter certificate file name
soa.mycompany.com.cer
Enter key file name
soa.mycompany.com.key
Enter Passphrase/Password
changeit
Generating p12 file 1
Enter Export Password:
Verifying - Enter Export Password:
Test 5:- Import certificate in keystore
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
3
Enter location of certificate
.
Enter certificate file name
soa.mycompany.com.cer
Enter alias name for the certificate
mysoacert
Enter location of keystore
.
Enter keystore file name
mykeystore.jks
Enter keystore password
changeit
Importing certificate into keystore
.
.
Trust this certificate? [no]: yes
Certificate was added to keystore
Test 6:- Export certificate from keystore
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
4
Enter location for exported certificate
.
Enter certificate file name for the exported certificate
myexportedcertificate
Enter alias name of the certificate to be exported
mysoacert
Enter location of keystore
.
Enter keystore file name
mykeystore.jks
Enter keystore password
changeit
Exporting certificate from keystore
Certificate stored in file <./myexportedcertificate.cer>
Test 7:- Delete certificate from keystore
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
5
Enter alias name of the certificate to be deleted
mysoacert
Enter location of keystore
.
Enter keystore file name
mykeystore.jks
Enter keystore password
changeit
Deleting mysoacert certificate from keystore
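Option 1 of the script chooses the conversion from the file extension, and for .cer/.crt/.der it copies anything that does not parse as DER to .pem unchanged. The following added example (not part of the original script; `cert_encoding` and `make_samples` are hypothetical names) classifies a file by its content instead, so a mislabeled input such as a private key saved as .cer is rejected before conversion. It looks only at the PEM label or the leading DER bytes; openssl still does the full parse.

```shell
#!/bin/sh
# Added example, not part of certificate.sh. cert_encoding and make_samples
# are hypothetical names. Prints: pem | pkcs7-pem | der-x509 | der-pkcs7 | unknown
cert_encoding() {
    file=$1
    [ -f "$file" ] || { echo unknown; return 1; }

    # PEM armour is text: the BEGIN label says what the Base64 body holds.
    if grep -q -e '^-----BEGIN CERTIFICATE-----' "$file"; then
        echo pem; return 0
    elif grep -q -e '^-----BEGIN PKCS7-----' "$file"; then
        echo pkcs7-pem; return 0
    fi

    # DER: outer ASN.1 SEQUENCE (0x30) with a long-form length byte 0x81..0x84,
    # whose low nibble is the number of length bytes that follow.
    hex=$(od -An -tx1 -N2 "$file" | tr -d ' \n')
    case $hex in
        308[1-4]) n=${hex#308} ;;
        *) echo unknown; return 1 ;;
    esac

    # First inner tag: SEQUENCE (tbsCertificate) for X.509, OID for PKCS#7.
    inner=$(od -An -tx1 -j "$((2 + n))" -N1 "$file" | tr -d ' \n')
    case $inner in
        30) echo der-x509 ;;
        06) echo der-pkcs7 ;;
        *)  echo unknown; return 1 ;;
    esac
}

# Constructed sample inputs: header bytes only, not real certificates or keys.
make_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$dir/b64.cer"
    printf '\060\202\003\115\060\202\002\065' > "$dir/der.cer"
    printf '\060\202\003\115\006\011\052\206' > "$dir/bundle.p7b"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$dir/key.cer"
}

# Usage: sh cert_encoding.sh FILE...
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(cert_encoding "$f")"
done
```

Calling `cert_encoding` before the `cp` fallback in `convert_cert` and stopping on `unknown` keeps non-certificate content out of the generated .pem.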