-
-
Save galan/ec8b5f92dd325a97e2f66e524d28aaf8 to your computer and use it in GitHub Desktop.
| #!/bin/bash -e | |
| # JAVA_HOME can be passed as argument if not set | |
| if [ ! -d $JAVA_HOME ]; then | |
| JAVA_HOME=${1} | |
| fi | |
| KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts | |
| if [ ! -f "$KEYSTORE" ]; then | |
| echo "Keystore not found in '$KEYSTORE'" | |
| exit 1 | |
| fi | |
| cp $KEYSTORE $KEYSTORE.`date +"%Y%m%d%H%m%S"` | |
| wget https://letsencrypt.org/certs/letsencryptauthorityx1.der | |
| wget https://letsencrypt.org/certs/letsencryptauthorityx2.der | |
| wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der | |
| wget https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der | |
| wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der | |
| wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der | |
| # to be idempotent | |
| keytool -delete -alias isrgrootx1 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true | |
| keytool -delete -alias isrgrootx2 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true | |
| keytool -delete -alias letsencryptauthorityx1 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true | |
| keytool -delete -alias letsencryptauthorityx2 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true | |
| keytool -delete -alias letsencryptauthorityx3 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true | |
| keytool -delete -alias letsencryptauthorityx4 -keystore $KEYSTORE -storepass changeit 2> /dev/null || true | |
| keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias isrgrootx1 -file letsencryptauthorityx1.der | |
| keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias isrgrootx2 -file letsencryptauthorityx2.der | |
| keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx1 -file lets-encrypt-x1-cross-signed.der | |
| keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx2 -file lets-encrypt-x2-cross-signed.der | |
| keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der | |
| keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx4 -file lets-encrypt-x4-cross-signed.der | |
| rm -f letsencryptauthorityx1.der letsencryptauthorityx2.der lets-encrypt-x1-cross-signed.der lets-encrypt-x2-cross-signed.der lets-encrypt-x3-cross-signed.der lets-encrypt-x4-cross-signed.der |
Hi, thanks for your script. I would suggest, that the test if JAVA_HOME is set or empty should be enhanced your script:
if [ "x$JAVA_HOME" == "x" ]; then
JAVA_HOME=${1}
echo "Set JAVA_HOME env. variable"
fi
if [ ! -d $JAVA_HOME ]; then ...
because JAVA_HOME is set but empty.
Thanks for doing the initial work in this @galan.
I've forked your version to update it with information on the current set (as of 2020-02-07) of Let's Encrypt's intermediate certs. At the same time I've incorporated @amcsSH's suggestion above, and used the Bash 4 dictionary feature to remove the redundant duplication of certificate names and files.
If you don't have set PATH to $JAVA_HOME/jre/bin/ then keytool won't work.
Here a simple fix:
change all commands "keytool" with this:
$JAVA_HOME/jre/bin/keytool
Please refer to LetsEncrypt's Chain of Trust document for up-to-date references.
Hint: I needed to adapt the script to download and install https://letsencrypt.org/certs/lets-encrypt-r3.der
You saved my day! Thx for sharing!