openssl for windows和powershell PFX to PEM

时间:2016-05-16 06:16:19

标签: powershell ssl openssl pem pfx

目标

好的,所以我在一个目录中有openssl for windows,我正在尝试运行一个脚本,这将让我获取包含我需要的所有东西的pfx文件,并将其分成我需要的所有文件。这样可以在以后轻松上传到AWS IAM证书库。

问题

我将在底部发布我的内容,唯一的问题是命令没有正确传递给openssl.exe,但是如果你复制它在“$ argu”创建的输出并运行反对的参数.exe手动它完美的工作。我不能为我的生活解决它的问题。

更新

我试图使用以下两种方法来调用.exe但是看起来参数字符串没有正确转换,并且在参数中添加了一个额外的撇号,导致openssl失败。

尝试1

& $opssl $argu 

我的更新代码中的尝试2如下。 使用选项1时,OpenSSL.exe会引发以下错误。在将字符串传递给.exe之前是否有更好的方法来创建字符串?

错误

openssl:Error: 'pkcs12 -in 'E:\certs\openssl\domain.com.au\domain.com.au-PFX.pfx' -passin pass:(removed) -nokeys -cacerts -out 'domain.com.au-PFX-20160517\domain.com.au-PFX-CA-Cert.pem'' is an invalid command.

脚本

    $exedir = split-path -parent $MyInvocation.MyCommand.Definition
    cd $exedir
    #Powershell to use open SSL to convert a pfx to pem 
    Write-output "Please enter full path and PFX file" 
    $cert = read-host

    Write-output "Please enter password for you PFX" 
    $pfxpass = read-host


    $date = Get-date -Format "yyyMMdd"
    $certDirf = Get-item "$cert" | select basename
    $string = [io.path]::GetFileNameWithoutExtension($cert)
    $string2 = $string.Substring(0)
    $certDir = $string2
    $opssl = "$exedir\openssl.exe"
    Write-output "$certDir"

    $opssltest = If (Test-Path $exedir\openssl.exe){
      Write-host "found OpenSSL.exe"
      }
      Else
      {
      write-host "couldn't find openSSL.exe"
      } 
      Invoke-Command -scriptblock { $opssltest }



Function Get-Key {
if (!(test-path $certdir-$date)){mkdir $certdir-$date -force}
cd $exedir
$Argu = "pkcs12 -in '$cert' -passin pass:$pfxpass -nocerts -out '$certdir-$date\$certdir-encrypted-key.pem' -nodes"
Write-host "$argu"
Start-Process -FilePath "$opssl" -ArgumentList "pkcs12 -in '$cert' -passin pass:$pfxpass -nocerts -out '$certdir-$date\$certdir-encrypted-key.pem' -nodes"
Write-host "encrypted key written"
sleep 1
$Argu = "rsa -in $certdir-$date\$certdir-encrypted-key.pem -out $certdir-$date\$certdir-key.pem"
Write-host "$argu"
Start-Process -FilePath "$opssl" -ArgumentList "rsa -in '$certdir-$date\$certdir-encrypted-key.pem' -out '$certdir-$date\$certdir-key.pem'"
Write-host "Key Un-encrypted"
Menu
}

Function Get-Cert {
if (!(test-path $certdir-$date)){mkdir $certdir-$date -force}
cd $exedir
$Argu = "pkcs12 -in '$cert' -passin pass:$pfxpass -nokeys -clcerts -out '$certdir-$date\$certdir-Cert.pem'"
Write-host "$Argu"
Start-Process -FilePath "$opssl" -ArgumentList "pkcs12 -in '$cert' -passin pass:$pfxpass -nokeys -clcerts -out '$certdir-$date\$certdir-Cert.pem'"
Write-host "Cert exported"
Menu
}

Function Get-CACert {
if (!(test-path $certdir-$date)){mkdir $certdir-$date -force}
cd $exedir
$Argu = "pkcs12 -in '$cert' -passin pass:$pfxpass -nokeys -cacerts -out '$certdir-$date\$certdir-CA-Cert.pem'"
Write-host "$argu"
$type = "pkcs12"
Start-Process -FilePath "$opssl" -ArgumentList "pkcs12 -in '$cert' -passin pass:$pfxpass -nokeys -cacerts -out '$certdir-$date\$certdir-CA-Cert.pem'"
Write-host "CA-Cert exported"
Menu
}



Function Menu{
[int]$xMenuChoiceA = 0
while ( $xMenuChoiceA -lt 1 -or $xMenuChoiceA -gt 4 ){
Write-host "All exports are in PEM format except for privet keys"
Write-host "1. Export privet key"
Write-host "2. Export Certificate"
Write-host "3. Export Ca Certificaet"
write-host "4. Exit"
[Int]$xMenuChoiceA = read-host "Please enter an option 1 to 4..." }
Switch( $xMenuChoiceA ){
  1{Get-Key}
  2{Get-Cert}
  3{Get-CACert}
  4{Exit}
}
}
Menu

1 个答案:

答案 0 :(得分:1)

如果要调用本机应用程序(不是PowerShell命令行开关或脚本),只需这样说:

cmd.exe /C echo ohai

& 'cmd.exe' /C echo ohai

您可以使用&运算符指示您希望将变量解释为命令名称。在执行时间之前不知道文件路径时是完美的。

$arguments = "pkcs12 -in '$cert' -passin pass:$pfxpass -nocerts -out '$certdir-$date\$certdir-encrypted-key.pem' -nodes"

& $opssl $arguments

必须有一种方法可以使您的示例正常工作,但这是一个.NET问题。只需使用PowerShell为您完成工作。