Skip to content

Instantly share code, notes, and snippets.

@aaronzirbes
Created February 3, 2012 10:15
Show Gist options
  • Save aaronzirbes/1729503 to your computer and use it in GitHub Desktop.
Save aaronzirbes/1729503 to your computer and use it in GitHub Desktop.
This will add a web server's SSL certificate to your Ubuntu System-wide keystore
#!/bin/bash
host=$1
port=$2
# Make sure we got the host name
if (( ${#host} == 0 )); then
echo "usage: $0 <hostname> [port]"
exit 1
elif (( ${#port} == 0 )); then
# Set default port if it wasn't passed
port=443
fi
# Check for root/sudo access
if ( ! sudo -n echo -n ''); then
echo "This script requires root access to run. please run:"
echo " sudo $0 $host $port"
fi
# Make sure ca-certificates-java is installed
if (dpkg -s ca-certificates-java 2> /dev/null > /dev/null); then
sudo apt-get install -y ca-certificates-java
fi
# check for local ca-certificates folder
if [ ! -d /usr/share/ca-certificates/local ]; then
sudo mkdir /usr/share/ca-certificates/local/
fi
# Get the certificate, and write it to a file
echo "" | openssl s_client -showcerts -host ${host} -port ${port} 2> /dev/null \
| openssl x509 | sudo tee /usr/share/ca-certificates/local/$host.crt
# add the new file to the configuration
echo "local/$host.crt" | sudo tee -a /etc/ca-certificates.conf
# run update-ca-certificates
sudo update-ca-certificates
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment