Created
March 11, 2011 22:23
-
-
Save caspian311/866683 to your computer and use it in GitHub Desktop.
Grab the public certificate from a remote https server to be installed into your ~/.pki/nssdb database for use by Google Chrome and whoever else looks there for certs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
read -p "host (example: www.google.com): " HOSTNAME | |
read -p "port[443]: " PORT | |
if [ -n $PORT ]; then | |
PORT=443 | |
fi | |
echo 'Q' | openssl s_client -connect $HOSTNAME:$PORT -showcerts 2>&1 | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > /tmp/server.cert.file.pem | |
PEM_CERT=`cat /tmp/server.cert.file.pem` | |
if [ -n $PEM_CERT ]; then | |
echo "No certificate was found at $HOSTNAME:$PORT" | |
else | |
echo "Found certificate:" | |
cat /tmp/server.cert.file.pem | |
read -p "Are you sure you want to trust this certificate? [y/N]: " TRUST | |
if [ "$TRUST" == "y" ] || [ "$TRUST" == "Y" ]; then | |
openssl x509 -in /tmp/server.cert.file.pem -inform PEM -out /tmp/server.cert.file.der -outform DER | |
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n HOSTNAME -i /tmp/server.cert.file.der | |
echo "Certificate was stored in $HOME/.pki/nssdb." | |
else | |
echo "Certificate was not trusted." | |
fi | |
fi | |
rm -f /tmp/server.cert.file.pem | |
rm -f /tmp/server.cert.file.der |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment