Last active
July 19, 2024 07:18
-
-
Save carlfriedrich/9739617ce9df86a0c439ac51442ec32d to your computer and use it in GitHub Desktop.
import-windows-certificates-to-wsl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# This script exports certain certificates from Windows and installs them in WSL. | |
# It can be run from WSL using the following command: | |
# | |
# bash -c "$(wget -O - https://gist.githubusercontent.com/carlfriedrich/9739617ce9df86a0c439ac51442ec32d/raw)" | |
# | |
CERTIFICATES=( | |
"ZEIT-SRV-CA" | |
"Zscaler Root CA" | |
) | |
if [[ -d /usr/local/share/ca-certificates ]]; then | |
certificate_path="/usr/local/share/ca-certificates" | |
elif [[ -d /usr/share/pki/trust/anchors ]]; then | |
certificate_path="/usr/share/pki/trust/anchors" | |
else | |
echo "No destination path for certificates found" | |
exit 1 | |
fi | |
TMP_DIR=$(mktemp -d) | |
pushd ${TMP_DIR} > /dev/null | |
for certificate in "${CERTIFICATES[@]}" | |
do | |
# Replace whitespace with underscores for filename | |
filename=${certificate// /_} | |
# Export certificates from Windows | |
powershell.exe -c " | |
Export-Certificate -Cert @( | |
Get-ChildItem 'cert:\LocalMachine' -recurse | | |
Where-Object { \$_.Subject -match 'CN=${certificate}' } | |
)[0] -FilePath ${filename}.cer -Type CERT" | |
# Convert to Linux format and install in WSL | |
sudo openssl x509 -inform der \ | |
-in ${filename}.cer \ | |
-out ${certificate_path}/${filename}.crt | |
done | |
sudo update-ca-certificates | |
popd > /dev/null | |
rm -rf ${TMP_DIR} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment