Skip to content

Instantly share code, notes, and snippets.

@hameno hameno/cacerts.sh forked from abs/gist:c0d598996870dda719b3
Last active Sep 18, 2016

Embed
What would you like to do?
Downloads and installs the startssl CA certs into the global Java keystore
#!/bin/sh
#
# Downloads and installs the startssl CA certs into the global java keystore
# Author: Klaus Reimer <k@ailis.de>
# Updated: Philip Schiffer <admin@psdev.de>
#
# Check if JAVA_HOME is set
if [ "$JAVA_HOME" = "" ]
then
echo "ERROR: JAVA_HOME must be set."
exit 1
fi
# Check if cacerts file is present
if [ ! -f "$JAVA_HOME/lib/security/cacerts" ]; then
if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
JAVA_HOME="$JAVA_HOME/jre"
else
echo "ERROR: \$JAVA_HOME/lib/security/cacerts not found. JAVA_HOME set correctly?"
exit 1
fi
fi
# Download the startssl certs
echo "Downloading certs..."
curl -O -s https://www.startssl.com/certs/ca.crt
curl -O -s https://www.startssl.com/certs/ca-g2.crt
curl -O -s https://www.startssl.com/certs/ca-sha2.crt
# Install certs into global keystore
echo "Adding certs to cacerts keystore (sudo password required)..."
"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias startcom.ca -file ca.crt
"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias ca-g2 -file ca-g2.crt
"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias ca-sha2 -file ca-sha2.crt
# If jsse is installed then also put the certs into jssecacerts keystore
if [ -f "$JAVA_HOME/lib/security/jssecacerts" ]
then
echo "Adding certs to jssecacerts keystore (sudo password required)..."
"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -noprompt -alias startcom.ca -file ca.crt
"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -noprompt -alias ca-g2 -file ca-g2.crt
"$JAVA_HOME/bin/keytool" -import -trustcacerts -keystore "$JAVA_HOME/lib/security/jssecacerts" -storepass changeit -noprompt -alias ca-sha2 -file ca-sha2.crt
fi
# Remove downloaded certs
#rm -f ca.crt ca-g2.crt ca-sha2.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.