import RDS certificates to java keystore on alpine / osx
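#!/bin/zsh
# Import every certificate from the AWS RDS combined CA bundle into the
# default Java 8 trust store (cacerts) on macOS.
#
# Usage: make the file executable (chmod +x) and run it. Writing to cacerts
# may need sudo; be careful with sudo, because everything below (download,
# split, import) then runs as root.
#
# Trust note: every certificate in the downloaded bundle becomes a trusted
# root for all Java programs that use this keystore. The only check on the
# bundle is the TLS connection to the download host, so review the imported
# entries afterwards (keytool -list -v -keystore "${CACERTS_FILE}") and
# compare their fingerprints with the values AWS publishes.
set -euo pipefail
IFS=$'\n\t'

OLDDIR="${PWD}"

# The keystore path is resolved through /usr/libexec/java_home for Java 1.8.
# If that does not point at the JDK you want, hard-code CACERTS_FILE instead.
CACERTS_FILE="$(/usr/libexec/java_home -v 1.8)/jre/lib/security/cacerts"

# Private scratch directory with an unpredictable name. A fixed /tmp/rds-ca
# can already exist (stale run, or another local user); "mkdir X && cd X"
# does not abort under set -e when mkdir fails, so the script would then
# split and import whatever xx* files sit in the current directory.
WORKDIR="$(mktemp -d "${TMPDIR:-/tmp}/rds-ca.XXXXXX")"

# Remove the scratch directory on every exit path, including failures.
cleanup() {
  cd "${OLDDIR}" || cd /
  rm -rf -- "${WORKDIR}"
}
trap cleanup EXIT

cd "${WORKDIR}"

echo "Downloading RDS certificates..."
# --fail: stop on an HTTP error instead of saving the error page as a "PEM".
curl --fail --output rds-combined-ca-bundle.pem \
  https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

# Split the bundle into one file per certificate (xx00, xx01, ...).
# -s: no size output; -k: keep the pieces already written if csplit errors.
# NOTE(review): the repeat count (number of certificates minus 2) is tuned to
# the csplit this script was written against; re-check the split output if it
# is run with a different csplit implementation.
csplit -sk rds-combined-ca-bundle.pem "/-BEGIN CERTIFICATE-/" "{$(grep -c 'BEGIN CERTIFICATE' rds-combined-ca-bundle.pem | awk '{print $1 - 2}')}"

for CERT in xx*; do
  # Extract a human-readable alias from the certificate subject. The pattern
  # accepts both "CN=name" and "CN = name", since openssl builds differ in
  # how they print the subject.
  ALIAS=$(openssl x509 -noout -text -in "${CERT}" |
    perl -ne 'next unless /Subject:/; s/.*CN\s*=\s*//; print')

  # Fail closed: never add a trust anchor under an empty alias.
  if [[ -z "${ALIAS}" ]]; then
    echo "no CN found in ${CERT}; refusing to import it without an alias" >&2
    exit 1
  fi

  echo "importing ${ALIAS}"

  # delete existing
  # keytool -delete -alias "${ALIAS}" \
  #   -keystore "${CACERTS_FILE}" \
  #   -storepass changeit -noprompt

  # Import the cert into the default Java keystore. "changeit" is the stock
  # cacerts password; -noprompt skips the interactive trust confirmation,
  # so nothing is shown for review before the entry is added.
  keytool -import \
    -keystore "${CACERTS_FILE}" \
    -storepass changeit -noprompt \
    -alias "${ALIAS}" -file "${CERT}"
done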