
I am attempting to utilise PowerShell to automate the creation of some PFX certs using OpenSSL. I am trying to create a foreach loop that takes both the private pem key and the certificate that was issued and pushes out a pfx file using the openssl pkcs12 command. I have attempted to create an object on which the foreach loop can grab the data but I don't believe the correct value is being parsed through to the openssl command.

$openssldir = "C:\openssl-1.1\x64\bin"
$certlocation = "C:\openssl-1.1\x64\bin\Certs"
$keylocation = "C:\openssl-1.1\x64\bin\Keys"
$pfxlocation = "C:\openssl-1.1\x64\bin\PFX"

$certs = (Get-ChildItem -path $certlocation -File).Name
$keys = (Get-ChildItem -path $keylocation -File).Name


$certpath = $certs | foreach{".\Certs\" + $_}
$keypath = $keys | foreach{".\Keys\" + $_}

set-location -Path $openssldir


$a = @()
$obj = New-Object PSObject
$obj | Add-Member -type NoteProperty -Name 'cert' -Value $certpath
$obj | Add-Member -Type NoteProperty -Name 'key' -Value $keypath


$a += $obj



ForEach($item in $a){
$pfx = $item.cert
$pfxfile = $pfx.replace(".cer",".pfx")
.\openssl.exe pkcs12 -export -out PFX/$pfxfile -inkey $item.key -in $item.cert -password pass: 
}

I can run the command manually and it works no problem and I can even run the command using the specific entries in the array like:

.\openssl.exe pkcs12 -export -out PFX/test.pfx -inkey $item.key[0] -in $item.cert[0] -password pass: 

I've probably just got some syntax wrong or something stupid so any help is appreciated!

Ryan

1 Answer

When you build the $obj object you are only creating one object with a property containing an array of $certpath paths and another property with an array of $keypath paths. I believe your intention is to create separate objects containing one matching certpath and keypath. If so, you need some additional logic to do this matching and place the appropriate single certpaths and keypaths together in each $obj using some loops.

Unfortunately I am unable to test this code, however I think it should work. The foreach loop on the $a variable is the main difference from your code and is where the certs are being matched with the keys. I also moved the code for the pfx file name here.

$openssldir = 'C:\openssl-1.1\x64\bin'
$certlocation = 'C:\openssl-1.1\x64\bin\Certs'
$keylocation = 'C:\openssl-1.1\x64\bin\Keys'
$pfxlocation = 'C:\openssl-1.1\x64\bin\PFX'

$opensslExe = "$openssldir\openssl.exe"

$certs = Get-ChildItem -Path $certlocation -File
$keys = Get-ChildItem -Path $keylocation -File

$a = foreach ($cert in $certs) {
    [PSCustomObject]@{
        cert    = $cert.FullName
        key     = ($keys | 
                Where-Object( { $_.BaseName -like $cert.BaseName }) | 
                Select-Object -First 1).FullName
        pfxfile = $cert.Name.Replace('.cer', '.pfx')
    }    
}

ForEach ($item in $a) {
    & $opensslExe pkcs12 -export -out "$pfxlocation/$($item.pfxfile)" -inkey $item.key -in $item.cert -password pass: 
}

2 Comments

Hi @Daniel, thank you for your help with this one! Your code looks brilliant but when I run it I am getting an error from OpenSSL that it is unable to load certificates. When I try $item.cert it is pointing to the full path of the cert, which I would've thought would work. Do you have any suggestion on maybe parsing a shorter path?
I've added an additional field under the PSCustomObject of: certshort = "Certs/" + $cert.BaseName + ".cer" I've used this in the openssl command and it seems to like that a bit more. Thank you @Daniel for your help! If there is a better way instead of the way I have written the certshort field please let me know!
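
The pairing loop discussed above, as an added example that is not part of the original question, answer or comments: it matches each certificate to the key with the same base name, confirms with OpenSSL that the two share a public key before exporting, and reads the export password from an environment variable instead of passing an empty `pass:`. It assumes PEM-encoded certificates and unencrypted PEM keys; the variable name `PFX_EXPORT_PASSWORD` and the helper `Get-PublicKeyPem` are hypothetical.

```powershell
# Added example. Paths are the ones used on the page; PFX_EXPORT_PASSWORD is a hypothetical name.
$openssldir   = 'C:\openssl-1.1\x64\bin'
$certlocation = Join-Path $openssldir 'Certs'
$keylocation  = Join-Path $openssldir 'Keys'
$pfxlocation  = Join-Path $openssldir 'PFX'
$opensslExe   = Join-Path $openssldir 'openssl.exe'

# Refuse to run without an export password: the PFX contains the private key.
if (-not $env:PFX_EXPORT_PASSWORD) {
    throw 'Set the PFX_EXPORT_PASSWORD environment variable before running.'
}

# Hypothetical helper: runs openssl and returns the public key PEM, or $null on failure.
function Get-PublicKeyPem {
    param([string[]]$OpenSslArgs)
    $pem = & $opensslExe @OpenSslArgs 2>$null
    if ($LASTEXITCODE -ne 0) { return $null }
    ($pem -join "`n").Trim()
}

foreach ($cert in Get-ChildItem -Path $certlocation -File) {
    # One key per certificate, matched on the exact base name (no wildcard matching).
    $key = Get-ChildItem -Path $keylocation -File |
        Where-Object { $_.BaseName -eq $cert.BaseName } |
        Select-Object -First 1
    if (-not $key) {
        Write-Warning "No key found for $($cert.Name); skipped."
        continue
    }

    # The certificate's public key must equal the one derived from the private key.
    $certPub = Get-PublicKeyPem @('x509', '-in', $cert.FullName, '-noout', '-pubkey')
    $keyPub  = Get-PublicKeyPem @('pkey', '-in', $key.FullName, '-pubout')
    if (-not $certPub -or -not $keyPub -or $certPub -cne $keyPub) {
        Write-Warning "$($cert.Name) / $($key.Name): unreadable or not a matching pair; skipped."
        continue
    }

    $pfx = Join-Path $pfxlocation ($cert.BaseName + '.pfx')
    # env: keeps the password out of the command line and the process listing.
    & $opensslExe pkcs12 -export -out $pfx -inkey $key.FullName -in $cert.FullName -passout 'env:PFX_EXPORT_PASSWORD'
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "openssl pkcs12 failed for $($cert.Name) (exit code $LASTEXITCODE)."
    }
}
```

Clear `PFX_EXPORT_PASSWORD` from the session once the export finishes so it is not inherited by later processes.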
