Created
February 2, 2024 18:14
-
-
Save StevePlace68/5c50e11061c5bf1faa59d65d5ea78b45 to your computer and use it in GitHub Desktop.
Split certificates from a certificate chain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Define file locations/password, change to match your machine | |
CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt" | |
TRUSTSTORE="/path/to/my-truststore.jks" | |
TRUSTSTORE_PASS="changeit" | |
# Split the ca-bundle.crt into individual certificates | |
csplit -sz "$CA_BUNDLE" '/-----BEGIN CERTIFICATE-----/' '{*}' | |
# Loop through the split files, import each into the Java KeyStore | |
for CERT in xx*; do | |
# Generate an alias from the certificate file | |
ALIAS=$(openssl x509 -noout -subject -in "$CERT" | sed -e "s/.*CN=\(.*\)/\1/") | |
# Import the certificate | |
keytool -import -noprompt -trustcacerts -file "$CERT" -alias "$ALIAS" -keystore "$TRUSTSTORE" -storepass "$TRUSTSTORE_PASS" | |
# Clean up the temporary certificate file | |
rm "$CERT" | |
done | |
echo "All certificates have been imported into the truststore." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment