Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
set -e
JAVA_HOME=${1-text}
[ $# -eq 0 ] && { echo "Usage: sudo $0 \$(/usr/libexec/java_home -v '1.8*')" ; exit 1; }
KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts
wget https://letsencrypt.org/certs/letsencryptauthorityx1.der
wget https://letsencrypt.org/certs/letsencryptauthorityx2.der
wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der
# to be idempotent
keytool -delete -alias isrgrootx1 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true
keytool -delete -alias isrgrootx2 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true
keytool -delete -alias letsencryptauthorityx1 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true
keytool -delete -alias letsencryptauthorityx2 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true
keytool -delete -alias letsencryptauthorityx3 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true
keytool -delete -alias letsencryptauthorityx4 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias isrgrootx1 -file letsencryptauthorityx1.der
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias isrgrootx2 -file letsencryptauthorityx2.der
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx1 -file lets-encrypt-x1-cross-signed.der
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx2 -file lets-encrypt-x2-cross-signed.der
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx4 -file lets-encrypt-x4-cross-signed.der
rm -f letsencryptauthorityx1.der letsencryptauthorityx2.der lets-encrypt-x1-cross-signed.der lets-encrypt-x2-cross-signed.der lets-encrypt-x3-cross-signed.der lets-encrypt-x4-cross-signed.der
@JuniorBatista

This comment has been minimized.

Copy link

JuniorBatista commented May 25, 2016

You must restart the server after running the sh?

@JasonJanelle

This comment has been minimized.

Copy link

JasonJanelle commented Jun 20, 2016

@JuniorBatista yes you will have to restart any java processes that need to use the new certs

@EHJ-52n

This comment has been minimized.

Copy link

EHJ-52n commented Mar 15, 2017

@Firefishy I have an version for jenkins users: install_lets-encrypt_jenkins-jdks.sh

The keytool version I have requires to change the option -importcert to -import.

@Pablohn26

This comment has been minimized.

Copy link

Pablohn26 commented May 31, 2017

@EHJ-52n maybe this helps you

@Sicaine

This comment has been minimized.

Copy link

Sicaine commented Sep 21, 2018

If you are using debian, you can use the following package: https://packages.debian.org/de/stretch/ca-certificates-java, link the trust store of your jvm to that one and use the update-ca-certificates tool to integrate custome certificates.

But there is a big chance, that after using the ca-certificates-java, you don't need to add those certificates manually anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.