@Pierozi
Created May 31, 2022 14:27
Bundle AWS Certificate to JKS
#!/usr/bin/env bash
#
# Download the AWS certificate bundle and import each certificate into a JKS trust store
#
# source: AWS Documentation
# https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html#connect_programmatically-tls_enabled
mydir=/tmp/certs
truststore=${mydir}/rds-truststore.jks
# Replace the placeholder with your own trust store password before running
storepassword='<CHANGE-ME>'
# Create the working directory and stop if the download fails
mkdir -p "${mydir}"
curl -sSf "https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem" > "${mydir}/global-bundle.pem" || exit 1
# Split the downloaded bundle into one rds-ca-N.pem file per certificate
awk -v dir="${mydir}" 'split_after == 1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1}{print > (dir "/rds-ca-" n ".pem")}' < "${mydir}/global-bundle.pem"
for CERT in "${mydir}"/rds-ca-*; do
  # Use the subject CN of each certificate as its alias in the trust store
  alias=$(openssl x509 -noout -text -in "$CERT" | perl -ne 'next unless /Subject:/; s/.*(CN=|CN = )//; print')
  echo "Importing $alias"
  keytool -import -file "${CERT}" -alias "${alias}" -storepass "${storepassword}" -keystore "${truststore}" -noprompt
  rm "$CERT"
done
rm "${mydir}/global-bundle.pem"
echo "Trust store content is: "
# List every alias in the trust store together with its expiry date
keytool -list -v -keystore "$truststore" -storepass "${storepassword}" | grep Alias | cut -d " " -f3- | while read -r alias
do
  expiry=$(keytool -list -v -keystore "$truststore" -storepass "${storepassword}" -alias "${alias}" | grep Valid | perl -ne 'if(/until: (.*?)\n/) { print "$1\n"; }')
  echo " Certificate ${alias} expires in '$expiry'"
done