Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
JAVA_HOME=${1-text}
[ $# -eq 0 ] && { echo "Usage: sudo $0 \$(/usr/libexec/java_home -v '1.8*')" ; exit 1; }
KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts
wget https://letsencrypt.org/certs/isrgrootx1.pem
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der
# to be idempotent
keytool -delete -alias isrgrootx1 -keystore $KEYSTORE -storepass changeit 2> /dev/null
keytool -delete -alias letsencryptauthorityx3 -keystore $KEYSTORE -storepass changeit 2> /dev/null
keytool -delete -alias letsencryptauthorityx4 -keystore $KEYSTORE -storepass changeit 2> /dev/null
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias isrgrootx1 -file isrgrootx1.pem
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der
keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx4 -file lets-encrypt-x4-cross-signed.der
rm isrgrootx1.pem lets-encrypt-x3-cross-signed.der lets-encrypt-x4-cross-signed.der
@Firefishy

This comment has been minimized.

Copy link

@Firefishy Firefishy commented Apr 16, 2016

I'd recommend importing X1 + X2 + X3 + X4 and both roots. Also the idempotent commands should not kill the script if running with set -e
See: https://gist.github.com/Firefishy/109b0f1a90156f6c933a50fe40aa777e

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.