Add DigiCert's CA certificate to Java
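#!/bin/bash
(
cd /tmp || exit 1
# Download the DigiCert intermediate CA certificate (served over plain HTTP)
wget http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt
# Back up the current trust store, suffixing the copy with its SHA-1
before=/tmp/etc_pki_java_cacerts.backup.$(sha1sum /etc/pki/java/cacerts|perl -pe's/ .*//')
/bin/cp -ap /etc/pki/java/cacerts "$before"
# Import the certificate as a trusted CA under the alias "digicert"
keytool -import -trustcacerts -alias digicert -file DigiCertSHA2SecureServerCA.crt -keystore /etc/pki/java/cacerts -storepass changeit
# Back up the updated trust store the same way
/bin/cp -ap /etc/pki/java/cacerts /tmp/etc_pki_java_cacerts.backup.$(sha1sum /etc/pki/java/cacerts|perl -pe's/ .*//')
# Compare the entry lists before and after the import (uses the backup taken above instead of a hard-coded hash)
diff <(keytool -list -keystore "$before" -storepass changeit|sort) \
<(keytool -list -keystore /etc/pki/java/cacerts -storepass changeit|sort)
)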
kawaz commented Apr 2, 2020

I used the following to find out which CA certificate the target server requires.

$ echo | openssl s_client -connect conf.uw.docomo.ne.jp:443 | openssl x509 -text | grep -i issuer
depth=3 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = JP, ST = Tokyo, L = Chiyoda-Ku, O = NTT DOCOMO.INC, OU = Service Design Department 02, CN = conf.uw.docomo.ne.jp
verify return:1
DONE
        Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt
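
The script above fetches the certificate over plain HTTP from the CA Issuers URI and imports it directly into the system trust store, so nothing authenticates the downloaded file. An added example (not part of the original gist) that pins the file to a SHA-256 fingerprint obtained out of band before keytool runs. The function names and the script name are hypothetical, and the pin itself is not on this page and has to come from a trusted source.

```bash
#!/bin/bash
# Added example: pin the downloaded CA certificate to a SHA-256 fingerprint
# obtained out of band, and refuse the keytool import on any mismatch.

# Print the lowercase hex SHA-256 of the certificate's DER encoding.
# Accepts a DER file or a single-certificate PEM file.
cert_sha256() {
    if grep -qF -- '-----BEGIN CERTIFICATE-----' "$1"; then
        # PEM: drop the armor lines and decode the base64 body back to DER
        sed '/^-----/d' "$1" | tr -d '\r\n ' | base64 -d | sha256sum
    else
        sha256sum < "$1"
    fi | cut -d' ' -f1
}

# Return 0 only when the file's fingerprint equals the pin.
# The pin may be plain hex or colon-separated upper case (AA:BB:...).
verify_cert_pin() {
    local file="$1" pin actual
    pin=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "missing or empty file: $file" >&2; return 2; }
    # A SHA-256 pin is exactly 64 hex digits; anything else is a config error
    case $pin in *[!0-9a-f]*) echo "malformed pin" >&2; return 2 ;; esac
    [ "${#pin}" -eq 64 ] || { echo "malformed pin" >&2; return 2; }
    actual=$(cert_sha256 "$file")
    if [ "$actual" != "$pin" ]; then
        echo "fingerprint mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Run the import only after the pin check has passed.
# Alias and store password are the ones used in the script above;
# -noprompt is safe here because the pin check replaces the interactive prompt.
import_if_pinned() {
    verify_cert_pin "$1" "$2" || return 1
    keytool -import -noprompt -trustcacerts -alias digicert -file "$1" \
        -keystore "$3" -storepass changeit
}

# Usage: ./import-pinned.sh <cert file> <sha256 pin> <keystore>
# (the script name is hypothetical; the pin must come from a trusted source)
if [ "$#" -eq 3 ]; then
    import_if_pinned "$@"
fi
```

The pin can be pasted in the colon-separated form that `openssl x509 -noout -fingerprint -sha256` prints; a mismatch returns 1 and a malformed pin or empty file returns 2, and keytool is never invoked in either case.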