@EHJ-52n
Last active January 22, 2023 18:29
Install Let's Encrypt Cross Signed Root Certificates in all Jenkins JDKs
#!/bin/bash
#
# Description
# This script downloads the latest certificates available and installs them
# to all keystores available
#
# Get all installed JDKs
#
# Remember the starting directory. PWD itself cannot be used for this,
# because the shell overwrites it on every cd.
ORIG_DIR=$(pwd)
JDKS_HOME=/var/lib/jenkins/tools/hudson.model.JDK/
JDK_LIST=$(ls -1 "$JDKS_HOME")
#
# Download latest certificates to /tmp/cert-installation
#
CERT_DOWNLOAD=/tmp/cert-installation
mkdir -p "${CERT_DOWNLOAD}"
cd "${CERT_DOWNLOAD}" || exit 1
echo "PWD $(pwd)"
echo "Downloading certificates"
echo "------------------------"
echo ""
# Stop if any download fails, so an incomplete set is never imported.
wget https://letsencrypt.org/certs/letsencryptauthorityx1.der || exit 1
wget https://letsencrypt.org/certs/letsencryptauthorityx2.der || exit 1
wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der || exit 1
wget https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der || exit 1
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der || exit 1
wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der || exit 1
echo ""
echo "------------------------"
for JDK in ${JDK_LIST}; do
    echo "Processing JDK: '${JDK}'"
    echo "-------------------------"
    # -i only pre-fills the answer when readline (-e) is enabled
    read -e -rp $'Skip this JDK (y/N) : ' -i $'N' key
    if [ "$key" == "y" ]; then
        echo "Skipping..."
        continue
    fi
    KEYSTORE=${JDKS_HOME}${JDK}/jre/lib/security/cacerts
    KEYTOOL=${JDKS_HOME}${JDK}/bin/keytool
    # "changeit" is the default password of the JDK cacerts keystore.
    # Delete existing aliases first, to be idempotent
    "$KEYTOOL" -delete -alias isrgrootx1 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
    "$KEYTOOL" -delete -alias isrgrootx2 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
    "$KEYTOOL" -delete -alias letsencryptauthorityx1 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
    "$KEYTOOL" -delete -alias letsencryptauthorityx2 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
    "$KEYTOOL" -delete -alias letsencryptauthorityx3 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
    "$KEYTOOL" -delete -alias letsencryptauthorityx4 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
    # Aliases are labels only: the isrgrootx* aliases hold the
    # letsencryptauthorityx*.der files, the letsencryptauthorityx* aliases
    # hold the cross-signed files.
    "$KEYTOOL" -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -import -alias isrgrootx1 -file letsencryptauthorityx1.der
    "$KEYTOOL" -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -import -alias isrgrootx2 -file letsencryptauthorityx2.der
    "$KEYTOOL" -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -import -alias letsencryptauthorityx1 -file lets-encrypt-x1-cross-signed.der
    "$KEYTOOL" -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -import -alias letsencryptauthorityx2 -file lets-encrypt-x2-cross-signed.der
    "$KEYTOOL" -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -import -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der
    "$KEYTOOL" -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -import -alias letsencryptauthorityx4 -file lets-encrypt-x4-cross-signed.der
    echo ""
    echo "-------------------------"
    echo ""
done
cd "$ORIG_DIR" || exit 1
rm -rv "${CERT_DOWNLOAD}"
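
The script imports whatever wget saved into every cacerts file with -noprompt, so nothing checks the files before they become trusted CAs. One way to gate the import on pinned SHA-256 fingerprints, as an added example that is not part of the gist; the function names and the pin-file format are assumptions of this example.

```shell
#!/bin/bash
# Added example, not part of the gist. Checks every .der file in a download
# directory against a pin file before anything is imported into cacerts.
# Pin file format (assumed here): "<sha256-hex>  <filename>", '#' for comments.

sha256_of() {
    # SHA-256 over the raw DER bytes equals the certificate's SHA-256 fingerprint.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned_certs DIR PINFILE
# Returns 0 only if every pinned file is present and non-empty with the
# expected digest AND the directory contains no .der file without a pin.
verify_pinned_certs() {
    local dir="$1" pins="$2" rc=0 want name got f
    while read -r want name || [ -n "$want" ]; do
        [ -z "$want" ] && continue
        case $want in \#*) continue ;; esac
        if [ ! -s "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        got=$(sha256_of "$dir/$name")
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $name (got $got)" >&2; rc=1
        fi
    done < "$pins"
    for f in "$dir"/*.der; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        if ! awk -v n="$name" '$2 == n { found = 1 } END { exit !found }' "$pins"; then
            echo "UNPINNED $name" >&2; rc=1
        fi
    done
    return "$rc"
}
```

Call `verify_pinned_certs "$CERT_DOWNLOAD" /path/to/pins.txt || exit 1` before the keytool loop, with pin values taken from fingerprints checked out of band (the pin file path is a placeholder).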
@mhicauber

Awesome thanks.
