Goal
Ok so I have openssl for windows in a directory and I am trying to get a script running that will let me take a pfx file that contains every thing I need and split it in to all the files i need separately. This will allow for easy upload to AWS IAM cert store later.
Problem
I will post what I have at the bottom, the only issue is the commands are not passing to openssl.exe correctly for some reason, however if you copy the output it creates at "$argu" and run the arguments against the .exe manually it works perfectly. I can not for the life of me work out its issue.
Update
I have attempted to use the following two methods to invoke the .exe but it appears the arguments string is not converting correctly and an extra apostrophe is been added to the arguments causing openssl to fail.
Attempt 1
& $opssl $argu
Attempt 2 is below in my updated code. OpenSSL.exe throws the following error when using option 1. Is there a better way to create the string before passing it to the .exe?
Error
openssl:Error: 'pkcs12 -in 'E:\certs\openssl\domain.com.au\domain.com.au-PFX.pfx' -passin pass:(removed) -nokeys -cacerts -out 'domain.com.au-PFX-20160517\domain.com.au-PFX-CA-Cert.pem'' is an invalid command.
Script
$exedir = split-path -parent $MyInvocation.MyCommand.Definition
cd $exedir
#Powershell to use open SSL to convert a pfx to pem
Write-output "Please enter full path and PFX file"
$cert = read-host
Write-output "Please enter password for you PFX"
$pfxpass = read-host
$date = Get-date -Format "yyyMMdd"
$certDirf = Get-item "$cert" | select basename
$string = [io.path]::GetFileNameWithoutExtension($cert)
$string2 = $string.Substring(0)
$certDir = $string2
$opssl = "$exedir\openssl.exe"
Write-output "$certDir"
$opssltest = If (Test-Path $exedir\openssl.exe){
Write-host "found OpenSSL.exe"
}
Else
{
write-host "couldn't find openSSL.exe"
}
Invoke-Command -scriptblock { $opssltest }
Function Get-Key {
if (!(test-path $certdir-$date)){mkdir $certdir-$date -force}
cd $exedir
$Argu = "pkcs12 -in '$cert' -passin pass:$pfxpass -nocerts -out '$certdir-$date\$certdir-encrypted-key.pem' -nodes"
Write-host "$argu"
Start-Process -FilePath "$opssl" -ArgumentList "pkcs12 -in '$cert' -passin pass:$pfxpass -nocerts -out '$certdir-$date\$certdir-encrypted-key.pem' -nodes"
Write-host "encrypted key written"
sleep 1
$Argu = "rsa -in $certdir-$date\$certdir-encrypted-key.pem -out $certdir-$date\$certdir-key.pem"
Write-host "$argu"
Start-Process -FilePath "$opssl" -ArgumentList "rsa -in '$certdir-$date\$certdir-encrypted-key.pem' -out '$certdir-$date\$certdir-key.pem'"
Write-host "Key Un-encrypted"
Menu
}
Function Get-Cert {
if (!(test-path $certdir-$date)){mkdir $certdir-$date -force}
cd $exedir
$Argu = "pkcs12 -in '$cert' -passin pass:$pfxpass -nokeys -clcerts -out '$certdir-$date\$certdir-Cert.pem'"
Write-host "$Argu"
Start-Process -FilePath "$opssl" -ArgumentList "pkcs12 -in '$cert' -passin pass:$pfxpass -nokeys -clcerts -out '$certdir-$date\$certdir-Cert.pem'"
Write-host "Cert exported"
Menu
}
Function Get-CACert {
if (!(test-path $certdir-$date)){mkdir $certdir-$date -force}
cd $exedir
$Argu = "pkcs12 -in '$cert' -passin pass:$pfxpass -nokeys -cacerts -out '$certdir-$date\$certdir-CA-Cert.pem'"
Write-host "$argu"
$type = "pkcs12"
Start-Process -FilePath "$opssl" -ArgumentList "pkcs12 -in '$cert' -passin pass:$pfxpass -nokeys -cacerts -out '$certdir-$date\$certdir-CA-Cert.pem'"
Write-host "CA-Cert exported"
Menu
}
Function Menu{
[int]$xMenuChoiceA = 0
while ( $xMenuChoiceA -lt 1 -or $xMenuChoiceA -gt 4 ){
Write-host "All exports are in PEM format except for privet keys"
Write-host "1. Export privet key"
Write-host "2. Export Certificate"
Write-host "3. Export Ca Certificaet"
write-host "4. Exit"
[Int]$xMenuChoiceA = read-host "Please enter an option 1 to 4..." }
Switch( $xMenuChoiceA ){
1{Get-Key}
2{Get-Cert}
3{Get-CACert}
4{Exit}
}
}
Menu
