<#
.Synopsis
Get Solr SSL cert from docker container and install it into local Windows machine.
.Example
.\import-docker-solrssl.ps1 -DockerContainer sc90-solr66 -InstallCert
.Example
.\import-docker-solrssl.ps1 -DockerContainer sc90-solr66 -KeystoreFile ./solr-ssl.keystore.jks -InstallCert
#>
[CmdletBinding()]
param(
    # Container to copy the keystore from (used as the source of 'docker cp').
    [Parameter(Mandatory)]
    $DockerContainer,

    # Keystore file name, looked up under /opt/solr/server/etc in the container
    # and copied next to this script.
    [Parameter()]
    $KeystoreFile = 'solr-ssl.keystore.jks',

    # Password of the source keystore; the same value protects the generated .p12.
    # NOTE(review): a plain string that is later handed to keytool as a
    # command-line argument.
    [Parameter()]
    $KeystorePassword = 'secret',

    # Import the generated .p12 into Cert:\LocalMachine\Root.
    [switch] $InstallCert,

    # Delete an existing .p12 instead of reporting an error.
    [switch] $Clobber
)
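# Empty the error list before the script does any work.
$Error.Clear()

# Script-wide handler for terminating errors: report what is known about the
# failure, then stop the script.
trap {
    # ErrorDetails is not always populated; only report it when there is a message.
    if ($_.ErrorDetails -and $_.ErrorDetails.Message) {
        Write-Error $_.ErrorDetails.Message
    }
    Write-Error $_.InvocationInfo.PositionMessage
    Write-Error $_.CategoryInfo.ToString()
    Write-Error $_.FullyQualifiedErrorId

    # Walk the InnerException chain and report the collected messages
    # (previously they were gathered into $msg but never written out).
    $e = $_.Exception
    $msg = ''
    while ($e.InnerException) {
        $e = $e.InnerException
        $msg += "`n" + $e.Message
    }
    if ($msg) {
        Write-Error "Inner exception(s):$msg"
    }

    # 'break' ends the script instead of resuming after the failing statement.
    break
}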
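# The .p12 is written next to this script, the same directory the keystore is
# copied into. Resolve that location first so the "already exists" check looks
# at the file keytool will actually write, not at a same-named file in the
# current directory.
$P12Path = Join-Path $PSScriptRoot ([IO.Path]::ChangeExtension($KeystoreFile, 'p12'))

if (Test-Path $P12Path) {
    if ($Clobber) {
        Write-Host "Removing $P12Path..."
        Remove-Item $P12Path
    }
    else {
        $P12Path = Resolve-Path $P12Path
        # Terminating on purpose: continuing would run keytool against, and
        # possibly install, a .p12 left over from an earlier run.
        Write-Error "Keystore file $P12Path already existed. To regenerate it, pass -Clobber." -ErrorAction Stop
    }
}

Write-Verbose "p12 path `'$P12Path`'"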
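# Copy the keystore out of the container into the script directory.
# Location inside the container: /opt/solr/server/etc/<KeystoreFile>
$dockerPath = "$DockerContainer`:/opt/solr/server/etc/$KeystoreFile"
Write-Verbose "First arg: $dockerPath"
& docker cp $dockerPath $PSScriptRoot
$dockerExitCode = $LASTEXITCODE

$certPath = Join-Path $PSScriptRoot $KeystoreFile

# A failed copy is fatal. A keystore left in the script directory by an earlier
# run would otherwise pass the Test-Path check below and be converted (and,
# with -InstallCert, trusted) in place of the container's current one.
if ($dockerExitCode -ne 0) {
    Write-Error "docker cp failed with exit code $dockerExitCode for `'$dockerPath`'" -ErrorAction Stop
}
if (-not (Test-Path $certPath)) {
    Write-Error "Cannot find cert at location `'$certPath`'" -ErrorAction Stop
}
Write-Verbose "Cert `'$certPath`' has been copied successfully."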
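# Locate keytool.exe: it must be reachable through PATH (it ships in the JRE
# bin folder); otherwise the user is asked for its location.
try {
    # -ErrorAction Stop makes "command not found" a terminating error, so the
    # catch block below runs instead of $keytool silently ending up empty.
    $keytool = (Get-Command 'keytool.exe' -ErrorAction Stop).Source
}
catch {
    $keytool = Read-Host "keytool.exe not on path. Enter path to keytool (found in JRE bin folder)"
    if ([string]::IsNullOrEmpty($keytool) -or -not (Test-Path $keytool)) {
        # Stop here: there is nothing to invoke.
        Write-Error "Keytool path was invalid." -ErrorAction Stop
    }
}

Write-Host ''
Write-Host 'Generating .p12 to import to Windows...'

# Convert the JKS keystore to PKCS#12, keeping the same password on both sides.
# NOTE(review): the password is passed as a process argument, so it is visible
# in process listings and command-line audit logs while keytool runs. keytool
# also accepts the ':env' / ':file' forms of -srcstorepass and -deststorepass,
# which keep the value off the command line.
$keytoolArgs = @(
    '-importkeystore'
    '-srckeystore', $certPath
    '-destkeystore', $P12Path
    '-srcstoretype', 'jks'
    '-deststoretype', 'pkcs12'
    '-srcstorepass', $KeystorePassword
    '-deststorepass', $KeystorePassword
)
& $keytool @keytoolArgs

# Do not go on to install anything if the conversion failed.
if ($LASTEXITCODE -ne 0) {
    Write-Error "keytool exited with code $LASTEXITCODE while generating `'$P12Path`'" -ErrorAction Stop
}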
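if ($InstallCert) {
    Write-Host ''
    Write-Host 'Trusting generated SSL certificate...'
    Write-Verbose "Installing cert `'$P12Path`'"

    # Writing to Cert:\LocalMachine\Root needs an elevated session.
    #
    # NOTE(review): Import-PfxCertificate imports the certificates and the
    # private key carried by the .p12 into the machine-wide Trusted Root store.
    # That key also exists in the container's keystore and is protected only by
    # $KeystorePassword (default 'secret'), so treat this as a development-only
    # trust anchor and remove it from the store when it is no longer needed.
    # Trusting the server only requires the public certificate.
    $secureStringKeystorePassword = ConvertTo-SecureString -String $KeystorePassword -Force -AsPlainText

    # -ErrorAction Stop: never print the success message after a failed import.
    $root = Import-PfxCertificate -FilePath $P12Path -Password $secureStringKeystorePassword -CertStoreLocation Cert:\LocalMachine\Root -ErrorAction Stop

    # Record what was added so the entry can be identified and removed later.
    foreach ($cert in $root) {
        Write-Verbose "Imported `'$($cert.Subject)`' with thumbprint $($cert.Thumbprint) into Cert:\LocalMachine\Root"
    }

    Write-Host "Solr SSL certificate was imported from docker container `'$DockerContainer`' and is now locally trusted. (added as root CA)"
}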

adoprog commented Nov 17, 2017

In the .Example section there is a misprint - .jsk should be changed to .jks
