hameno/cacerts.sh

## cacerts.sh
#!/bin/sh
#
# Downloads and installs the startssl CA certs into the global java keystore
# Author: Klaus Reimer <k@ailis.de>
# Updated: Philip Schiffer <admin@psdev.de>
#

# Check if JAVA_HOME is set
if [ "$JAVA_HOME" = "" ]
then
    echo "ERROR: JAVA_HOME must be set."
    exit 1
fi

# Check if cacerts file is present
if [ ! -f "$JAVA_HOME/lib/security/cacerts" ]; then
	if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
		JAVA_HOME="$JAVA_HOME/jre"
	else
		echo "ERROR: \$JAVA_HOME/lib/security/cacerts not found. JAVA_HOME set correctly?"
		exit 1
	fi
fi

# Download the startssl certs
echo "Downloading certs..."
curl -O -s https://www.startssl.com/certs/ca.crt
curl -O -s https://www.startssl.com/certs/ca-g2.crt
curl -O -s https://www.startssl.com/certs/ca-sha2.crt

# Install certs into global keystore
echo "Adding certs to cacerts keystore (sudo password required)..."
"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias startcom.ca -file ca.crt
"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias ca-g2 -file ca-g2.crt
"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias ca-sha2 -file ca-sha2.crt

# If jsse is installed then also put the certs into jssecacerts keystore
if [ -f "$JAVA_HOME/lib/security/jssecacerts" ]
then
    echo "Adding certs to jssecacerts keystore (sudo password required)..."
    "$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -noprompt -alias startcom.ca -file ca.crt
    "$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -noprompt -alias ca-g2 -file ca-g2.crt
    "$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -noprompt -alias ca-sha2 -file ca-sha2.crt
fi

# Remove downloaded certs
#rm -f ca.crt ca-g2.crt ca-sha2.crt
	#!/bin/sh
	#
	# Downloads and installs the startssl CA certs into the global java keystore
	# Author: Klaus Reimer <k@ailis.de>
	# Updated: Philip Schiffer <admin@psdev.de>
	#

	# Check if JAVA_HOME is set
	if [ "$JAVA_HOME" = "" ]
	then
	echo "ERROR: JAVA_HOME must be set."
	exit 1
	fi

	# Check if cacerts file is present
	if [ ! -f "$JAVA_HOME/lib/security/cacerts" ]; then
	if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
	JAVA_HOME="$JAVA_HOME/jre"
	else
	echo "ERROR: \$JAVA_HOME/lib/security/cacerts not found. JAVA_HOME set correctly?"
	exit 1
	fi
	fi

	# Download the startssl certs
	echo "Downloading certs..."
	curl -O -s https://www.startssl.com/certs/ca.crt
	curl -O -s https://www.startssl.com/certs/ca-g2.crt
	curl -O -s https://www.startssl.com/certs/ca-sha2.crt

	# Install certs into global keystore
	echo "Adding certs to cacerts keystore (sudo password required)..."
	"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias startcom.ca -file ca.crt
	"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias ca-g2 -file ca-g2.crt
	"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias ca-sha2 -file ca-sha2.crt

	# If jsse is installed then also put the certs into jssecacerts keystore
	if [ -f "$JAVA_HOME/lib/security/jssecacerts" ]
	then
	echo "Adding certs to jssecacerts keystore (sudo password required)..."
	"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -noprompt -alias startcom.ca -file ca.crt
	"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -noprompt -alias ca-g2 -file ca-g2.crt
	"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -noprompt -alias ca-sha2 -file ca-sha2.crt
	fi

	# Remove downloaded certs
	#rm -f ca.crt ca-g2.crt ca-sha2.crt