@gnanet
Last active October 6, 2021 00:13
Check if updated and self-signed ISRG Root X1 cert is present, then remove DST Root CA X3 from trusted CA-s, lastly update combined ca-certificates.pem on Debian
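#!/bin/bash
#
# Check if updated and self-signed ISRG Root X1 cert is present
# then remove DST_Root_CA_X3 from trusted CA-s
# lastly update combined ca-certificates.pem
#
x1_cert=/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
x3_cert=/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt

if [ -f "${x1_cert}" ]; then
    # The self-signed ISRG Root X1 names itself as issuer; a non-empty match means it is the self-signed copy
    check_self_x1=$(openssl x509 -noout -text -in "${x1_cert}" | grep Issuer | grep -E "CN\s*=\s*ISRG Root X1")
    if [[ -n "${check_self_x1}" ]]; then
        # Prefix the entry with "!" to deselect it; sed keeps a backup as /etc/ca-certificates.conf.x3.bak
        sed -i.x3.bak -e "s|^mozilla/DST_Root_CA_X3.crt|\!mozilla/DST_Root_CA_X3.crt|g" /etc/ca-certificates.conf
        # -f keeps a second run quiet when the file is already gone
        rm -f "${x3_cert}"
        # Rebuild the combined bundle and the hashed symlinks
        update-ca-certificates
    fi
fi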
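
A read-only audit to run before or after the script above, added here as an example and not part of the original gist: it checks that ISRG Root X1 is self-signed by comparing subject and issuer hashes and verifying the self-signature, which is stricter than matching the issuer CN, and reports how the DST_Root_CA_X3.crt entry stands in ca-certificates.conf. The function names are hypothetical; the default paths are the ones the gist uses.

```bash
#!/bin/bash
# Added example: read-only audit, nothing on the system is modified.
# Function names are hypothetical; default paths are the ones the gist uses.

# is_self_signed CERT: 0 only if subject and issuer are the same name AND
# the signature verifies under the certificate's own key (-check_ss_sig).
is_self_signed() {
    local cert="$1" subj iss
    [ -f "$cert" ] || return 2
    subj=$(openssl x509 -noout -subject_hash -in "$cert" 2>/dev/null) || return 2
    iss=$(openssl x509 -noout -issuer_hash -in "$cert" 2>/dev/null) || return 2
    [ "$subj" = "$iss" ] || return 1
    openssl verify -check_ss_sig -CAfile "$cert" "$cert" >/dev/null 2>&1
}

# conf_entry_state CONF ENTRY: prints enabled | disabled | absent.
# In ca-certificates.conf a leading "!" deselects a certificate.
conf_entry_state() {
    local conf="$1" entry="$2"
    if grep -qxF -- "$entry" "$conf" 2>/dev/null; then
        echo enabled
    elif grep -qxF -- "!$entry" "$conf" 2>/dev/null; then
        echo disabled
    else
        echo absent
    fi
}

# audit_x3_removal [X1_CERT] [CONF]: 0 when ISRG Root X1 is self-signed and
# DST Root CA X3 is no longer selected; 1 otherwise.
audit_x3_removal() {
    local x1="${1:-/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt}"
    local conf="${2:-/etc/ca-certificates.conf}"
    local state
    if ! is_self_signed "$x1"; then
        echo "FAIL: $x1 missing or not self-signed; leave DST Root CA X3 in place"
        return 1
    fi
    state=$(conf_entry_state "$conf" "mozilla/DST_Root_CA_X3.crt")
    echo "ISRG Root X1 is self-signed; DST_Root_CA_X3.crt is $state in $conf"
    [ "$state" != "enabled" ]
}

# Usage on a Debian host: audit_x3_removal && echo "trust store is in the intended state"
```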