Use openssl to fetch the certificate chain for a domain and add these certificates to the Ubuntu CA trust store.
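#!/bin/bash
#
# Use openssl to fetch the certificate chain for a domain and add these
# certificates to the Ubuntu CA trust store. This is a fast and dirty
# method when using cloud services like ZScaler with SSL scanning, where
# the Cloud Enforcement Node certificate changes frequently.
#
# Usage: update_chain <fully-qualified-domain-name>
#
# Security notes:
#   * The chain is whatever answers on <fqdn>:443 when the script runs, and
#     nothing in this script authenticates it. The subject, issuer and
#     SHA-256 fingerprint of each certificate are printed to stderr so they
#     can be compared with values obtained from the proxy administrator.
#   * Every certificate in the presented chain is copied into
#     /usr/local/share/ca-certificates, the server's leaf certificate
#     included, not only the inspection CA.
#   * All intermediate files live in a private `mktemp -d` directory. With a
#     fixed location under the shared /tmp, files placed there by another
#     local user could match the sclient_*_*.crt glob and be copied into the
#     trust store by `sudo cp`.

set -eu

if [[ -z "${1:-}" ]]; then
  # Usage text goes to stderr and the script exits non-zero so callers can
  # tell that nothing was installed.
  {
    echo Syntax error, please provide the fully qualified domain name
    echo address: "update_chain google.com"
    echo
  } >&2
  exit 1
fi

host=$1

# Private scratch directory (mode 0700), removed on every exit path.
workdir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT

bundle="${workdir}/bundle.pem"
stamp=$(date +"%FT%H%M%S")

# Keep only the PEM blocks from the handshake output. s_client diagnostics
# are discarded; success is judged below by whether any certificate arrived.
printf 'QUIT\n' \
  | openssl s_client -showcerts -connect "${host}:443" 2>/dev/null \
  | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > "$bundle"

if [[ ! -s "$bundle" ]]; then
  echo "No certificates received from ${host}:443" >&2
  exit 1
fi

# One file per certificate: sclient_<timestamp>_NN.crt
csplit -s -z -f "${workdir}/sclient_${stamp}" -b _%02d.crt "$bundle" \
  '/-----BEGIN CERTIFICATE-----/' '{*}'

# Show what is about to be trusted. A file that does not parse as a
# certificate aborts the run here (set -e) before anything is installed.
for cert in "$workdir"/sclient_*_*.crt; do
  openssl x509 -in "$cert" -noout -subject -issuer -fingerprint -sha256 >&2
done

sudo cp -- "$workdir"/sclient_*_*.crt /usr/local/share/ca-certificates
sudo update-ca-certificates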