I work with DigiCert® to get certificates.
The way we get certificates sometimes requires me to convert the certificates; below is the process I use to get the formats I may need.
This script assumes you have a directory with only the .csr file and the .zip file from DigiCert®; then run the shell script.
#!/bin/sh
# DigiCert.sh
#
#
# Created by David Kittell on 3/9/17.
#
sCurrentPath=$(pwd)
printf 'Is %s the correct path for the certificates? If yes type y, or if no type n, followed by [ENTER]:\n' "$sCurrentPath"
read -r sCertPath
case $sCertPath in
    [yY])
        sServerCertPath=$sCurrentPath
        ;;
    *)
        printf 'Type the path of the certificates, followed by [ENTER]:\n'
        read -r sServerCertPath
        # Stop if the directory cannot be entered, so nothing is unpacked in the wrong place
        cd "$sServerCertPath" || exit 1
        ;;
esac
# Check CSR File
#openssl req -text -noout -verify -in *.csr
CSRInfo=$(openssl req -text -noout -verify -in *.csr)
# Field 7 is the CN only when the Subject has six attributes with CN last (C, ST, L, O, OU, CN)
CSRCommonName=$(echo "$CSRInfo" | grep 'Subject:' | cut -d '=' -f7 | sed "s|Subject:||" | sed 's/^ *//;s/ *$//')
CSRSANs=$(echo "$CSRInfo" | grep -A1 'Alternative Name' | grep -v 'Alternative Name' | sed "s|DNS:||g" | sed 's/^ *//;s/ *$//')
# printf instead of echo: /bin/sh implementations differ on whether echo expands \n
printf 'Certificate Information:\n Common Name: %s\n Additional Names: %s\n\n' "$CSRCommonName" "$CSRSANs" > ReadMe.txt
# Unzip all files within zip in the current directory
unzip -j *.zip
# Whatever is left after excluding the inputs and the two CA files is taken as the server certificate
sServerCert=$(find . -type f ! -name '*.txt' ! -name '*.csr' ! -name '*.zip' | grep -v -e 'DigiCertCA.crt' -e 'TrustedRoot.crt' | sed 's|^\./||')
#echo $sServerCert
clear
printf 'Is %s the correct certificate? If yes type y, or if no type n, followed by [ENTER]:\n' "$sServerCert"
read -r sServer
case $sServer in
    [yY])
        ;;
    *)
        printf 'Type the name of the server certificate, followed by [ENTER]:\n'
        read -r sServerCert
        ;;
esac
#echo $sServerCert
sServerCertNoExt=${sServerCert%.crt}
#echo $sServerCertNoExt
# Check CRT File
#openssl x509 -in $sServerCert -text -noout
# Convert CRT to PEM
openssl x509 -in "$sServerCert" -outform PEM -out "$sServerCertNoExt.pem"
# Use PEM with CA CRT to create p7b
openssl crl2pkcs7 -nocrl -certfile "$sServerCertNoExt.pem" -out "$sServerCertNoExt.p7b" -certfile DigiCertCA.crt
# Create PFX (-nokeys: the PFX holds certificates only, no private key)
echo "Creating the PFX file, type an export password and confirm it."
openssl pkcs12 -export -nokeys -in "$sServerCertNoExt.p7b" -out "$sServerCertNoExt.pfx" -certfile TrustedRoot.crt
printf '\nPFX Location:\n %s\nPFX Export Password:\n Look in Password Safe\n' "$sServerCertPath" >> ReadMe.txt
# Sort the inputs and outputs into folders and record each location in ReadMe.txt
mkdir -p Original_Files/CSR Original_Files/DigiCert CRT Combined_Files
mv "$sServerCertNoExt.p7b" "$sServerCertNoExt.pem" Combined_Files
mv *.csr Original_Files/CSR
printf '\nOriginal CSR Location:\n %s/Original_Files/CSR\n' "$sServerCertPath" >> ReadMe.txt
mv INSTALL_INSTRUCTIONS* Original_Files/DigiCert
mv *.crt CRT
printf '\nDigiCert CRT Location:\n %s/CRT\n' "$sServerCertPath" >> ReadMe.txt
mv *.zip Original_Files/DigiCert
printf '\nDigiCert Zip Location:\n %s/Original_Files/DigiCert\n' "$sServerCertPath" >> ReadMe.txt
# Extract the key file from the PFX
#openssl pkcs12 -in $sServerCertNoExt.pfx -nocerts -out $sServerCertNoExt.key -nodes
# Extract the cert file from the PFX
#openssl pkcs12 -in $sServerCertNoExt.pfx -nokeys -out $sServerCertNoExt.cer
printf '\n\nInstallation Instructions:\n General: https://www.digicert.com/ssl-certificate-installation.htm\n Apache: https://www.digicert.com/ssl-certificate-installation-apache.htm\n Tomcat: https://www.digicert.com/ssl-certificate-installation-tomcat.htm\n' >> ReadMe.txt
echo "Conversion Process Complete"
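An added example, not part of the original DigiCert.sh: before converting anything, confirm that the issued certificate carries the same public key as the CSR and that it chains to the CA files from the zip. The function names are hypothetical; DigiCertCA.crt and TrustedRoot.crt are the file names the script above already uses.

```shell
#!/bin/sh
# Added example, not part of DigiCert.sh. Function names are hypothetical.

# Print a SHA-256 digest of the public key in a CSR ("req") or certificate ("x509").
# Returns 1 if the file cannot be read or parsed, so two failures never compare equal.
pubkey_digest() {
    key=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key" ] || return 1
    printf '%s\n' "$key" | openssl dgst -sha256 | sed 's/^.*= *//'
}

# 0 = certificate was issued for this CSR's key, 1 = different key, 2 = unreadable input.
cert_matches_csr() {
    csr_digest=$(pubkey_digest req "$1") || return 2
    crt_digest=$(pubkey_digest x509 "$2") || return 2
    [ "$csr_digest" = "$crt_digest" ]
}

# 0 if the server certificate ($3) chains through the intermediate ($2) to the root ($1).
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Usage inside the script above, after the unzip step:
#   cert_matches_csr ./*.csr "$sServerCert" || { echo "Certificate does not match CSR" >&2; exit 1; }
#   chain_verifies TrustedRoot.crt DigiCertCA.crt "$sServerCert" || { echo "Chain does not verify" >&2; exit 1; }
```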