Install Let's Encrypt Cross Signed Root Certificates in all Jenkins JDKs
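#!/bin/bash
#
# Description
# Downloads the Let's Encrypt certificates listed below and imports them into
# the cacerts keystore of every JDK found under JDKS_HOME. For each JDK the
# operator is asked whether to skip it.
#
# Security notes
#  - The certificates are staged in a private directory created by mktemp.
#    A fixed path under /tmp can be created in advance by another local
#    account, and wget does not overwrite an existing file (it saves NAME.1
#    instead), so whatever was already sitting in that directory would be the
#    file imported as a trusted CA.
#  - Every download must succeed before any keystore is touched; otherwise an
#    alias would be deleted and never re-imported.
#  - TLS to letsencrypt.org is the only integrity check on the files. Where
#    the trust store matters, compare `keytool -printcert -file FILE` output
#    with the fingerprints the CA publishes before running the import.
#  - "changeit" is the stock cacerts password. If a store uses a real secret,
#    keep it off argv (keytool accepts -storepass:env / -storepass:file).
#

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Deliberately not called PWD: the shell rewrites PWD on every cd, so a start
# directory saved under that name is lost as soon as the script changes
# directory.
ORIG_DIR=$(pwd)
JDKS_HOME=/var/lib/jenkins/tools/hudson.model.JDK/
readonly CERT_BASE_URL=https://letsencrypt.org/certs

# alias:file pairs handed to keytool.
# NOTE(review): the isrgrootx* aliases are attached to the
# letsencryptauthorityx*.der files, which by name look like intermediates
# rather than the ISRG roots - confirm the aliases say what is intended. They
# are kept unchanged so that re-runs still find and replace earlier imports.
readonly CERT_IMPORTS=(
  "isrgrootx1:letsencryptauthorityx1.der"
  "isrgrootx2:letsencryptauthorityx2.der"
  "letsencryptauthorityx1:lets-encrypt-x1-cross-signed.der"
  "letsencryptauthorityx2:lets-encrypt-x2-cross-signed.der"
  "letsencryptauthorityx3:lets-encrypt-x3-cross-signed.der"
  "letsencryptauthorityx4:lets-encrypt-x4-cross-signed.der"
)

#
# Download latest certificates to a private staging directory
#
CERT_DOWNLOAD=$(mktemp -d "${TMPDIR:-/tmp}/cert-installation.XXXXXX") \
  || die "Cannot create a staging directory for the certificates"

# Leave the staging directory before deleting it; runs on every exit path.
cleanup() {
  cd "$ORIG_DIR" 2> /dev/null || cd /
  rm -rv -- "${CERT_DOWNLOAD:?}"
}
trap cleanup EXIT

cd "$CERT_DOWNLOAD" || die "Cannot enter ${CERT_DOWNLOAD}"
echo "PDW $(pwd)"
echo "Downloading certificates"
echo "------------------------"
echo ""
for entry in "${CERT_IMPORTS[@]}"; do
  cert_file=${entry#*:}
  wget "${CERT_BASE_URL}/${cert_file}" \
    || die "Download failed for ${cert_file}; no keystore was modified"
  [[ -s "$cert_file" ]] \
    || die "Downloaded ${cert_file} is empty; no keystore was modified"
done
echo ""
echo "------------------------"

status=0
# Glob instead of parsing ls, so directory names with spaces survive.
for jdk_dir in "${JDKS_HOME}"*/; do
  [[ -d "$jdk_dir" ]] || continue   # unmatched glob or vanished entry
  jdk_dir=${jdk_dir%/}
  JDK=${jdk_dir##*/}
  echo "Processing JDK: '${JDK}'"
  echo "-------------------------"
  # The original passed -i N, which bash ignores unless -e is also given;
  # an empty answer still means "do not skip".
  key=""
  read -rp $'Skip this JDK (y/N) : ' key || key=""
  if [[ "$key" == "y" ]]; then
    echo "Skipping..."
    continue
  fi

  KEYTOOL=${jdk_dir}/bin/keytool
  KEYSTORE=${jdk_dir}/jre/lib/security/cacerts
  # JDK 9 and later have no jre/ directory; cacerts sits under lib/security.
  [[ -f "$KEYSTORE" ]] || KEYSTORE=${jdk_dir}/lib/security/cacerts
  if [[ ! -x "$KEYTOOL" || ! -f "$KEYSTORE" ]]; then
    printf 'No keytool or cacerts found in %s, nothing done\n' "$jdk_dir" >&2
    echo ""
    continue
  fi

  for entry in "${CERT_IMPORTS[@]}"; do
    cert_alias=${entry%%:*}
    cert_file=${entry#*:}
    # to be idempotent: the alias may not exist yet, so a failed delete is
    # expected and deliberately silenced.
    "$KEYTOOL" -delete -alias "$cert_alias" -keystore "$KEYSTORE" \
      -storepass changeit 2> /dev/null || true
    if ! "$KEYTOOL" -trustcacerts -keystore "$KEYSTORE" -storepass changeit \
      -noprompt -import -alias "$cert_alias" -file "$cert_file"; then
      # The alias was removed above, so report the gap instead of hiding it.
      printf 'Import of %s into %s failed\n' "$cert_alias" "$KEYSTORE" >&2
      status=1
    fi
  done
  echo ""
  echo "-------------------------"
  echo ""
done

exit "$status"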

@mhicauber mhicauber commented May 3, 2017

Awesome thanks.
