Skip to content

Instantly share code, notes, and snippets.

@giabao

giabao/install-letsencrypt-in-jdk.sh

Forked from hedefalk/install-letsencrypt-in-jdk.sh
Last active May 24, 2016 17:05
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save giabao/7079225854996803ae38e8713ff5b30c to your computer and use it in GitHub Desktop.
Save giabao/7079225854996803ae38e8713ff5b30c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
install-letsencrypt-in-jdk.sh
#!/bin/bash
# This script add letsencrypt certs to $JAVA_HOME/jre/lib/security/cacerts
# see https://community.letsencrypt.org/t/will-the-cross-root-cover-trust-by-the-default-list-in-the-jdk-jre/134/22
JAVA_HOME=${1-text}
[ $# -eq 0 ] && { echo "Usage: sudo $0 \$JAVA_HOME" ; exit 1; }
KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts
alias keytool=$JAVA_HOME/bin/keytool
wget https://letsencrypt.org/certs/isrgrootx1.pem
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
# to be idempotent
keytool -delete -alias isrgrootx1 -keystore $KEYSTORE -storepass changeit 2> /dev/null
keytool -delete -alias letsencryptauthorityx3 -keystore $KEYSTORE -storepass changeit 2> /dev/null
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias isrgrootx1 -file isrgrootx1.pem
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der
rm isrgrootx1.pem lets-encrypt-x3-cross-signed.der
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment