gleicon/make-icpbrasil-bundle.sh

## make-icpbrasil-bundle.sh
#!/bin/bash

HTTPADDR=http://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/ACcompactado.zip
DEST=/etc/ssl/certs/icp-brasil

mkdir -p ${DEST}
cd ${DEST}
rm -f *.crt
rm -f *.zip

wget "$HTTPADDR"

unzip *.zip

for fn in $(file *.crt|grep data|sed 's/: *data//')
do
  mv $fn  $fn.der
  openssl x509 -inform der -in $fn.der -out $fn
done
#rm *.der

for f in $(ls *.crt); do
  dos2unix $f > /dev/null
  openssl x509 -text -in $f >> bundle.crt
done

#Ref: http://blog.gendoc.com.br/2012/03/instalando-os-certificados-ac-do-icp-brasil-para-e-cpf-e-e-cnpj/
#Ref: http://www.iti.gov.br/icp-brasil/certificados/188-atualizacao/4530-ac-raiz

## site.conf
<VirtualHost *:443>
(...)
    SSLCACertificateFile /etc/ssl/certs/icp-brasil/bundle.crt
(...)
</VirtualHost>
	#!/bin/bash

	HTTPADDR=http://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/ACcompactado.zip
	DEST=/etc/ssl/certs/icp-brasil

	mkdir -p ${DEST}
	cd ${DEST}
	rm -f *.crt
	rm -f *.zip

	wget "$HTTPADDR"

	unzip *.zip

	for fn in $(file .crt\|grep data\|sed 's/: data//')
	do
	mv $fn $fn.der
	openssl x509 -inform der -in $fn.der -out $fn
	done
	#rm *.der

	for f in $(ls *.crt); do
	dos2unix $f > /dev/null
	openssl x509 -text -in $f >> bundle.crt
	done

	#Ref: http://blog.gendoc.com.br/2012/03/instalando-os-certificados-ac-do-icp-brasil-para-e-cpf-e-e-cnpj/
	#Ref: http://www.iti.gov.br/icp-brasil/certificados/188-atualizacao/4530-ac-raiz
	<VirtualHost *:443>
	(...)
	SSLCACertificateFile /etc/ssl/certs/icp-brasil/bundle.crt
	(...)
	</VirtualHost>