Created September 20, 2020 23:59
Remove expired certificates from a keystore
#!/usr/bin/env bash
# remove expired certs from a keystore
# set FN to the keystore file
# set the regex to identify expired certs. in my example anything mentioning 2019 is considered expired.
FN=cacerts.jks
echo "finding expired certs..."
# list alias and validity lines, then keep the alias line preceding each "until ... 2019" line
ALIASES=$(keytool -list -v -keystore "$FN" -storepass changeit | grep -iE 'alias|until' | grep -B 1 'until.*2019' | grep Alias | awk -F': ' '{print $2}' | sort)
#echo "$ALIASES"
# count non-empty lines so that an empty result reports 0, not 1
N=$(printf '%s\n' "$ALIASES" | grep -c .)
echo "Found $N expired certs"
echo "$ALIASES" > aliases.txt
while IFS= read -r p; do
  # skip the blank line written when nothing matched
  [ -n "$p" ] || continue
  echo "removing $p..."
  # run keytool directly; wrapping it in backticks would execute its output as a command
  keytool -delete -alias "$p" -keystore "$FN" -storepass changeit
done <aliases.txt
echo "Done."
This seems to fail on the Mac. Has it been tested there?
Hello!
Here is a fork of your script that deletes aliases by comparing with today's date:
https://gist.github.com/damkh/a4a0d74891f92b0285a3853418357c1e
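An added example, not the gist's or the fork's code: selecting expired aliases by comparing each certificate's `until:` date with a cutoff day, which also catches certificates that expired in years the `2019` regex does not mention. It assumes English `keytool -list -v` output and compares at day granularity, ignoring the time zone; the names `expired_aliases` and `sample_listing` and the sample text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not the gist's code): list aliases whose "until:" date is
# before a cutoff day. stdin: `keytool -list -v` text; $1: cutoff YYYYMMDD
# (default: today, UTC). Assumes English keytool labels; ignores time and zone.
expired_aliases() {
  local cutoff="${1:-$(date -u +%Y%m%d)}"
  awk -v cutoff="$cutoff" '
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
      for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    /^Alias name: / { alias = substr($0, 13); next }
    /^Valid from: .* until: / {
      if (alias == "") next            # later certs of a chain: not the entry itself
      s = $0; sub(/.* until: /, "", s) # s is like: Tue Jan 01 00:00:00 UTC 2019
      k = split(s, f, " ")
      if (k >= 6 && (f[2] in mon)) {
        ymd = sprintf("%04d%02d%02d", f[k], mon[f[2]], f[3])
        if (ymd + 0 < cutoff + 0) print alias
      }
      alias = ""                       # unparseable dates are left alone
    }
  ' | sort
}

# Constructed sample in the shape of `keytool -list -v` output.
sample_listing() {
  cat <<'EOF'
Alias name: old-root
Entry type: trustedCertEntry
Valid from: Thu Jan 01 00:00:00 UTC 2009 until: Tue Dec 31 00:00:00 UTC 2019

Alias name: live-root
Entry type: trustedCertEntry
Valid from: Wed Jan 01 00:00:00 UTC 2020 until: Tue Jan 01 00:00:00 UTC 2030

Alias name: old-ca
Entry type: trustedCertEntry
Valid from: Fri Jun 01 00:00:00 UTC 2007 until: Thu Jun 01 00:00:00 UTC 2017
EOF
}

sample_listing | expired_aliases 20200920
```

Against a real keystore the input would come from `keytool -list -v -keystore "$FN" -storepass changeit | expired_aliases`, and the printed aliases can be reviewed before any `keytool -delete` is run.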