Redwax Tool

The universal certificate conversion tool.

Read certificates and keys from your chosen sources, filter the certificates and keys you're interested in, write those certificates and keys to the destinations of your choice.

Read In

Read certificates, keys, and crls from PEM files, PKCS12 files, and PKCS11 smartcards.

Filter

Passthrough all certificates and keys, search for a given certificate along with related intermediate certificates and keys, or verify certificates for validity to a key and a trust chain.

Write Out

Write certificates and keys as PEM encoded files, to an NSS certificate database, to a PKCS12 file, or to a PKCS11 smartcard. Alternatively, write metadata as YAML, XML, or JSON.

Examples

Try some of these out.

PEM to PKCS12

Take all certificates and keys in the given PEM files, pass through and write the certificate, the intermediate certificates, and key to a PKCS12 file.


[root@chestnut redwax.eu]$ redwax-tool --pem-in fullchain.pem --pem-in privkey.pem --filter passthrough --pkcs12-out cert.p12
pem-in: certificate: CN=redwax.eu
pem-in: intermediate: CN=R3,O=Let's Encrypt,C=US
pem-in: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pem-in: private key
pkcs12-out: certificate: CN=redwax.eu
pkcs12-out: intermediate: CN=R3,O=Let's Encrypt,C=US
pkcs12-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pkcs12-out: private key
Enter PKCS12 export passphrase for cert.p12:
Verifying - Enter PKCS12 export passphrase for cert.p12:

PEM to NSS

Take all certificates and keys in the given PEM files, pass through and write the certificate, the intermediate certificates, and key to an NSS certificate database.


[root@chestnut redwax.eu]$ redwax-tool --pem-in fullchain.pem --pem-in privkey.pem --filter passthrough --nss-out /etc/dirsrv/slapd-chestnut/
pem-in: certificate: CN=redwax.eu
pem-in: intermediate: CN=R3,O=Let's Encrypt,C=US
pem-in: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pem-in: private key
nss-out: private key
Enter NSS Certificate DB for /etc/dirsrv/slapd-chestnut/: 
Verifying - Enter NSS Certificate DB for /etc/dirsrv/slapd-chestnut/: 
nss-out: certificate: CN=redwax.eu
nss-out: intermediate: CN=R3,O=Let's Encrypt,C=US
nss-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US

PEM to PKCS11

Take all certificates and keys in the given PEM files, pass through and write the certificate, the intermediate certificates, and key to a smartcard accessible via a PKCS11 interface.


[root@chestnut redwax.eu]$ redwax-tool --pem-in fullchain.pem --pem-in privkey.pem --filter passthrough --pkcs11-module-out /usr/lib64/pkcs11/libsofthsm2.so --pkcs11-out "pkcs11:token=My%20Test%20Token"
pem-in: certificate: CN=redwax.eu
pem-in: intermediate: CN=R3,O=Let's Encrypt,C=US
pem-in: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pem-in: private key
Enter user PIN for My Test Token: 
pkcs11-out: key
pkcs11-out: certificate: CN=redwax.eu
pkcs11-out: intermediate: CN=R3,O=Let's Encrypt,C=US
pkcs11-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US

All Together Now

Take all certificates and keys in the given PEM files, pass through and write the certificate, the intermediate certificates, and key, to a PKCS12 file, an NSS database, and to a smartcard accessible via a PKCS11 interface.


[root@chestnut redwax.eu]$ redwax-tool --pem-in fullchain.pem --pem-in privkey.pem --filter passthrough --pkcs12-out cert.p12 --nss-out /etc/dirsrv/slapd-chestnut/ --pkcs11-module-out /usr/lib64/pkcs11/libsofthsm2.so --pkcs11-out "pkcs11:token=My%20Test%20Token"
pem-in: certificate: CN=redwax.eu
pem-in: intermediate: CN=R3,O=Let's Encrypt,C=US
pem-in: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pem-in: private key
pkcs12-out: certificate: CN=redwax.eu
pkcs12-out: intermediate: CN=R3,O=Let's Encrypt,C=US
pkcs12-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
pkcs12-out: private key
Enter PKCS12 export passphrase for cert.p12:
Verifying - Enter PKCS12 export passphrase for cert.p12:
Enter user PIN for My Test Token: 
pkcs11-out: key
pkcs11-out: certificate: CN=redwax.eu
pkcs11-out: intermediate: CN=R3,O=Let's Encrypt,C=US
pkcs11-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US
nss-out: private key
Enter NSS Certificate DB for /etc/dirsrv/slapd-chestnut/: 
nss-out: certificate: CN=redwax.eu
nss-out: intermediate: CN=R3,O=Let's Encrypt,C=US
nss-out: intermediate: CN=ISRG Root X1,O=Internet Security Research Group,C=US

Downloads

Use the source, Luke.

Binaries

Binaries for the Redwax Tool are available for various platforms.

Latest

Download the latest releases of the Redwax Tool from the distribution directory.

Prerelease

Prereleases that are under testing can be found here.

Getting Involved

Get the code. Ask questions. Track issues.

Source Control

The source code for the Redwax Tool is stored in Bitbucket and mirrored as an SVN repository.

Bitbucket: Browse the source code and submit pull requests using git.
Subversion: The repository of record is available using subversion.

Issue Tracking

Jira: Track issues in the Redwax Tool project.

Mailing Lists

The following mailing lists are available.

rt-users@redwax.eu: [Subscribe] [Unsubscribe] [Manage] [Archive] Help for end users.
rt-dev@redwax.eu: [Subscribe] [Unsubscribe] [Manage] [Archive]: Development discussion.
rt-commit@redwax.eu: [Subscribe] [Unsubscribe] [Manage] [Archive]: List for commit notices.

Continuous Integration

Builds are triggered automatically on commit by Jenkins.

redwax-tool:

Security Issues

Use the following address for contacting us to report security issues with the Redwax Tool.

rt-security@redwax.eu