@damkh
Forked from grommitz/removeExpiredCerts.sh
Last active February 26, 2024 15:17
Remove expired certificates from a keystore
#!/bin/bash
# Remove expired certs from a keystore.
# Requires GNU date (the --date option) and English keytool output.
# Set FN to the keystore file.
FN=cacerts.jks
echo "finding expired certs..."
# Keep only the "Alias name:" and "Valid from: ... until: ..." lines
ALIASES=$(keytool -list -v -keystore "$FN" -storepass changeit | grep -i 'alias\|until')
echo "$ALIASES" > aliases.txt
i=1
# Split dates and aliases into different arrays:
# odd lines are aliases, even lines are until-dates
# (this assumes exactly one until-line per alias)
while read -r p; do
    if ! ((i % 2)); then
        arr_date+=("$p")
    else
        arr_cn+=("$p")
    fi
    i=$((i+1))
done < aliases.txt
i=0
# Parse until-dates ->
# convert until-dates to "seconds since 01-01-1970" format ->
# compare until-dates with today's date ->
# delete expired aliases
for date_idx in $(seq 0 $((${#arr_date[*]}-1))); do
    a_date=$(echo "${arr_date[$date_idx]}" | awk -F"until: " '{print $2}')
    if [ "$(date +%s --date="$a_date")" -lt "$(date +%s)" ]; then
        echo "removing ${arr_cn[$i]} expired: $a_date"
        alias_name=$(echo "${arr_cn[$i]}" | awk -F"name: " '{print $2}')
        keytool -delete -alias "$alias_name" -keystore "$FN" -storepass changeit
    fi
    i=$((i+1))
done
echo "Done."
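
An added example, not part of the gist: the script's odd/even split assumes exactly one `until:` line per alias, but an entry with a certificate chain prints one per chain certificate. The function below pairs each alias with only its first `until:` date; the function name, the sample keystore listing and the fixed epoch are constructed for illustration, and GNU `date` and English `keytool` output are assumed.

```shell
#!/bin/bash
# Added example (not part of the gist). Reads `keytool -list -v` text on stdin
# and prints each alias whose own certificate expired before epoch $1.
# Assumes English keytool output and GNU date (gdate on macOS).
expired_aliases() {
    now="$1"
    tab=$(printf '\t')
    # awk emits "alias<TAB>until-date" once per entry: only the first
    # "until:" after an "Alias name:" line, i.e. Certificate[1] of a chain.
    awk '
        /^Alias name: / { alias = substr($0, 13); seen = 0; next }
        / until: / && alias != "" && !seen {
            sub(/^.* until: /, ""); print alias "\t" $0; seen = 1
        }' |
    while IFS="$tab" read -r alias_name until_date; do
        # An unparseable date is reported and skipped, never treated as expired.
        if ! until_epoch=$(date -d "$until_date" +%s 2>/dev/null); then
            echo "cannot parse date for $alias_name: $until_date" >&2
            continue
        fi
        if [ "$until_epoch" -lt "$now" ]; then
            printf '%s\n' "$alias_name"
        fi
    done
}

# Constructed sample in the shape of keytool -list -v output (not real data).
SAMPLE_OUTPUT='Alias name: oldroot
Entry type: trustedCertEntry
Owner: CN=Old Root
Valid from: Thu Jan 01 00:00:00 UTC 2015 until: Wed Jan 01 00:00:00 UTC 2020

Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=server.example
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Tue Jan 01 00:00:00 UTC 2030
Certificate[2]:
Owner: CN=Expired Intermediate
Valid from: Thu Jan 01 00:00:00 UTC 2015 until: Wed Jan 01 00:00:00 UTC 2020

Alias name: goodroot
Owner: CN=Good Root
Valid from: Thu Jan 01 00:00:00 UTC 2015 until: Tue Jan 01 00:00:00 UTC 2030'

# Against a real keystore (FN as in the script above):
#   keytool -list -v -keystore "$FN" -storepass changeit | expired_aliases "$(date +%s)"
printf '%s\n' "$SAMPLE_OUTPUT" | expired_aliases 1700000000
```

Reviewing the printed aliases before passing them to `keytool -delete` keeps a parsing mistake from removing a trust anchor that is still valid.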
@grommitz

Thanks Damir, that's a great improvement!

@m-reza-rahman

FYI, this does not work on the Mac due to date parsing issues.

@andersberglunddacke

@m-reza-rahman It works if you replace the date command with gdate (GNU date).
