Generate a Self-Signed p12 (pfx) certificate File (Automated / Scripted)

Here is a brief script to generate a self-signed p12 (pfx) certificate file with no interactive input.

You can parameterize the three inputs and use them to run this from a CI pipeline/etc as required.

#! /bin/bash

# Set some variables for ease/re-use (can be parameterized).
NAME_PREFIX="mycertname"
PASSPHRASE="some-password"
DNS_NAME="*.some.domain.net"

# Generate cacert.pem and cakey.pem.  The private key is encrypted.
openssl req -newkey rsa:2048 -x509 -keyout ${NAME_PREFIX}-cakey.pem -out ${NAME_PREFIX}-cacert.pem -days 3650 -subj "/C=US/ST=New York/L=New York/CN=${DNS_NAME}" -passout pass:${PASSPHRASE}

# Get a decrypted copy of the private key.
openssl rsa -in ${NAME_PREFIX}-cakey.pem -out ${NAME_PREFIX}-cakey-decrypted.pem -passin pass:${PASSPHRASE}

# Generate the p12 file from the private key and certificate.
openssl pkcs12 -export -out ${NAME_PREFIX}.p12 -inkey ${NAME_PREFIX}-cakey-decrypted.pem -in ${NAME_PREFIX}-cacert.pem -passout pass:${PASSPHRASE}

# Remove the decrypted private key.
rm ${NAME_PREFIX}-cakey-decrypted.pem

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s