$openSSLPath = "c:\OpenSSL-Win64\bin\openssl.exe" # path to openssl executable
$pfxPath = "c:\Certs\sp2013dev.apps.pfx"          # path to exported .pfx file
$pfxPassword = "QazWsx123"                        # password to exported .pfx file

$encryptedKeyName = "spaddin_encrypted.key"
$keyName = "spaddin.key"

$encryptKeyargs = @("pkcs12", "-in", $pfxPath, "-out", $encryptedKeyName, "-nocerts", "-nodes", "-passin", "pass:$($pfxPassword)")
$rawKeyargs = @("rsa", "-in", $encryptedKeyName, "-out", $keyName)

Write-Host ""
Write-Host "Running command:"
Write-Host ""
Write-Host "$($openSSLPath) $($encryptKeyargs)"
Write-Host ""

& $openSSLPath $encryptKeyargs 

Write-Host "Running command:"
Write-Host ""
Write-Host "$($openSSLPath) $($rawKeyargs)"
Write-Host ""

$result = & $openSSLPath $rawKeyargs 2>&1 | Out-String

$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPassword)

$result = [System.Convert]::ToBase64String($certificate.GetCertHash()).Replace('+', '-').Replace('/', '_').Replace("=", "")

Write-Host "SHA thumbprint: $($result)"