Automatically enter user input several times to command stdin

Question

I need to perform a conversion of digital certificates from pfx to pem on an external application from which I can run system commands. I can do this from CLI by using the command:

openssl pkcs12 -in path/to/cert.pfx -out path/to/cert.pem

This will prompt the user for the certificate password, and secondly, for a passphrase.

I've tried the solution provided here: Automatically enter input in command line

And it is not working for me. So, if I try (note the line breaks):

printf 'the_password\nthe_passphrase\n' | openssl pkcs12 -in path/to/cert.pfx -out path/to/cert.pem

It will still ask me for the password and passphrase. I also tried using echo, without success.

Any ideas?

EDIT:

Following Level9's advice, I've tried using openssl options, like this:

openssl pkcs12 -in path/to/cert.pfx -out path/to/cert.pem -password pass:the_password -passout pass:

I've tried both providing a passphrase and not, like in the example. Now it generates the pem file, but if I try to open it from my file system, just to check if it's correct, then I'm asked for the password, but it will not accept the one I provided in the command line.

maybe this can help you: How to generate an openSSL key using a passphrase from the command line? — , Jun 15 '21 at 12:44

score 1 · Accepted Answer · edited Jun 15 '21 at 17:30

1

Have a look at the options for specifying passwords in openssl.

openssl pkcs12 -help

If that doesn't work for you then try the "expect" utility.

sudo apt install expect

edited Jun 15 '21 at 17:30

terdon

100,812

answered Jun 15 '21 at 11:19

Level9

347

I've tried doing a research in the command options (see my edit section in the question), but I don't seem to get it working. Since you knew there's something provided by the openssl options, could you tell me if I am doing anything wrong? – luis.ap.uyen Jun 15 '21 at 12:28
1

I'm not in position to try this now but if password of pfx is pfxpass then try enter openssl pkcs12 -in path/to/cert.pfx -out path/to/cert.pem -passin pass:pfxpass -passout pass: Of course you can specify a password after the : in the last command if you do want a password of the pem-file. – Level9 Jun 15 '21 at 12:53
Now it seems to work. Thanks a lot! I still don't know about the difference of the -password -passin and -passout options and why the "pass" prefix to the value (I'm not savvy on either digital certificates or Linux CLI), but I won't touch anything! :D – luis.ap.uyen Jun 15 '21 at 13:37

Automatically enter user input several times to command stdin

1 Answers1