Created
May 19, 2016 20:15
-
-
Save carlos-jenkins/1ee89681d3432a54312f2fcbced0e3fa to your computer and use it in GitHub Desktop.
Download and add SSL certificate to shared system NSS database. A.k.a how the fuck do you add a certificate to Chrome/Chromium.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -o errexit | |
set -o nounset | |
# set -o xtrace | |
DOMAIN=${1:-} | |
GREEN="\033[0;32m" | |
RED="\033[0;31m" | |
NO_COLOUR="\033[0m" | |
if [ -z "$(which certutil)" ]; then | |
echo -e -n "${RED}" | |
echo "certutil not found. Please install it with:" | |
echo "sudo apt-get install libnss3-tool" | |
echo -e -n "${NO_COLOUR}" | |
exit 1 | |
fi | |
if [ -z "$DOMAIN" ]; then | |
echo -e -n "${RED}" | |
echo "Usage:" | |
echo " ./add_cert.sh [domain]" | |
echo "For example:" | |
echo " ./add_cert.sh my.domain.com" | |
echo -e -n "${NO_COLOUR}" | |
exit 1 | |
fi | |
# Download certificate | |
echo -e "${GREEN}Downloading certificate from ${DOMAIN} ...${NO_COLOUR}" | |
echo QUIT | openssl s_client -connect "${DOMAIN}:443" | sed -ne '/BEGIN CERT/,/END CERT/p' > "${DOMAIN}" | |
# Add certificate | |
echo -e "${GREEN}Adding certificate ${DOMAIN} ...${NO_COLOUR}" | |
certutil -d "sql:${HOME}/.pki/nssdb" -A -t "P,," -n "${DOMAIN}" -i "${DOMAIN}" | |
# List certificates | |
echo -e "${GREEN}List of available certificates:${NO_COLOUR}" | |
# Add '-h all' to see all built-in certs | |
certutil -d "sql:${HOME}/.pki/nssdb" -L | |
echo -e "${GREEN}[DONE]${NO_COLOUR}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment