From 5f5fa00da5ec8c2db5e6a83c5d83ff3e79096ffc Mon Sep 17 00:00:00 2001 From: Dawid Ciecierski Date: Wed, 23 Jan 2019 14:19:50 +0100 Subject: [PATCH] Allow exporting only key/cert This is useful in scenarios where the target app requires separate files for key/cert. --- ssl-windows/Convert-PfxToPem.ps1 | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/ssl-windows/Convert-PfxToPem.ps1 b/ssl-windows/Convert-PfxToPem.ps1 index ee3a371a..5a26e009 100644 --- a/ssl-windows/Convert-PfxToPem.ps1 +++ b/ssl-windows/Convert-PfxToPem.ps1 @@ -17,6 +17,10 @@ Private key passphrase, if applicable. .PARAMETER Overwrite Clobber any existing file when writing the PEM key file. + .PARAMETER CertOnly + Export only the certificate part of PFX file. + .PARAMETER KeyOnly + Export only the key part of PFX file. #> # @@ -55,7 +59,11 @@ Param( [Parameter(Mandatory=$false, Position=2)] [string] $PEMFile, - [switch] $Overwrite = $false + [switch] $Overwrite = $false, + + [switch] $CertOnly = $false, + + [switch] $KeyOnly = $false ) Add-Type @' @@ -193,10 +201,25 @@ if (-not $cert.PrivateKey.CspKeyContainerInfo.Exportable) Exit } -$result = [MongoDB_Utils]::PfxCertificateToPem($cert) +if ($CertOnly -and $KeyOnly) +{ + Write-Warning "CertOnly and KeyOnly parameters are mutually exclusive" +} -$parameters = ([Security.Cryptography.RSACryptoServiceProvider] $cert.PrivateKey).ExportParameters($true) -$result += "`r`n" + [MongoDB_Utils]::RsaPrivateKeyToPem($parameters); +if (-not $KeyOnly) +{ + $result = [MongoDB_Utils]::PfxCertificateToPem($cert) +} + +if (-not $CertOnly) +{ + $parameters = ([Security.Cryptography.RSACryptoServiceProvider] $cert.PrivateKey).ExportParameters($true) + if ($result) + { + $result += "`r`n" + } + $result += [MongoDB_Utils]::RsaPrivateKeyToPem($parameters); +} if (-not $PEMFile) {