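#!/bin/sh
#
# Downloads and installs the startssl CA certs into the global java keystore
# Author: Klaus Reimer <k@ailis.de>
#
# Security notes:
#  - Every certificate imported here becomes a trust anchor for all Java
#    programs using this JRE, so the downloaded files must be authentic.
#    All downloads use HTTPS; over plain HTTP anyone on the network path
#    could substitute a CA of their own. HTTPS only authenticates the
#    server, so the fingerprints printed before the import should still be
#    compared with values obtained out of band.
#  - StartCom (StartSSL) was distrusted by the major browser root programs
#    from 2016 onward. Confirm these CAs still belong in your trust store
#    before running this script.
#  - Downloads go to a private temporary directory, never the current
#    directory: "wget --continue" on a file that already exists there would
#    append to (and so trust) whatever content was left behind.
#  - "changeit" is the stock cacerts password. It is passed on the command
#    line, where it is visible in the process list; adapt this if the
#    keystore password has been changed.
#
# Environment: JAVA_HOME must point to the Java installation to modify.
# Requires:    wget, keytool (on PATH), write access to the keystore.

# Print an error message to stderr and abort.
die() {
  echo "ERROR: $*" >&2
  exit 1
}

# Check if JAVA_HOME is set
if [ -z "${JAVA_HOME:-}" ]; then
  die "JAVA_HOME must be set."
fi

# Locate the security directory. JDK 8 and older keep it under jre/;
# JRE-only installs and JDK 9+ keep it directly under lib/.
if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
  security_dir="$JAVA_HOME/jre/lib/security"
elif [ -f "$JAVA_HOME/lib/security/cacerts" ]; then
  security_dir="$JAVA_HOME/lib/security"
else
  die "cacerts not found under \$JAVA_HOME/jre/lib/security or \$JAVA_HOME/lib/security. JAVA_HOME set correctly?"
fi

# Private scratch directory, removed on every exit path.
tmpdir=$(mktemp -d) || die "could not create temporary directory"
cleanup() {
  rm -rf -- "$tmpdir"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# Download the startssl certs. Abort on the first failure: importing a
# missing or truncated file must never be attempted silently.
echo "Downloading certs..."
for url in \
  https://www.startssl.com/certs/ca.crt \
  https://www.startssl.com/certs/sub.class1.server.ca.crt \
  https://www.startssl.com/certs/sub.class2.server.ca.crt \
  https://www.startssl.com/certs/sub.class3.server.ca.crt \
  https://www.startssl.com/certs/sub.class4.server.ca.crt \
  https://www.startssl.com/certs/ca-g2.cer \
  https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem \
  https://www.startssl.com/certs/class2/sha2/pem/sub.class2.server.sha2.ca.pem \
  https://www.startssl.com/certs/class3/sha2/pem/sub.class3.server.sha2.ca.pem \
  https://www.startssl.com/certs/class4/sha2/pem/sub.ev.server.sha2.ca.pem
do
  file="$tmpdir/${url##*/}"
  wget --quiet --output-document="$file" "$url" || die "download failed: $url"
  [ -s "$file" ] || die "downloaded file is empty: $url"
done

# Show what is about to be trusted so the run leaves an audit trail.
# Best effort: the label text depends on the keytool version and locale.
echo "Certificates to be imported (verify the fingerprints out of band):"
for file in "$tmpdir"/*; do
  echo "  ${file##*/}"
  keytool -printcert -file "$file" | grep -E 'Owner:|SHA1:|SHA256:' ||
    echo "WARNING: could not read fingerprints of ${file##*/}" >&2
done

# Import one certificate.
#   $1 - keystore path, $2 - alias, $3 - file name inside $tmpdir
# A failed import (for example when the alias already exists from an
# earlier run) is reported but does not stop the remaining imports.
import_cert() {
  keytool -import -trustcacerts -keystore "$1" -storepass changeit -noprompt \
    -alias "$2" -file "$tmpdir/$3" ||
    echo "WARNING: could not import $3 as $2 into $1" >&2
}

# Import the full StartCom set into the keystore given as $1.
import_all() {
  import_cert "$1" startcom.ca ca.crt
  import_cert "$1" startcom.ca.sub.class1 sub.class1.server.ca.crt
  import_cert "$1" startcom.ca.sub.class2 sub.class2.server.ca.crt
  import_cert "$1" startcom.ca.sub.class3 sub.class3.server.ca.crt
  import_cert "$1" startcom.ca.sub.class4 sub.class4.server.ca.crt
  import_cert "$1" startcom.ca2 ca-g2.cer
  import_cert "$1" startcom.ca2.sub.class1 sub.class1.server.sha2.ca.pem
  import_cert "$1" startcom.ca2.sub.class2 sub.class2.server.sha2.ca.pem
  import_cert "$1" startcom.ca2.sub.class3 sub.class3.server.sha2.ca.pem
  import_cert "$1" startcom.ca2.sub.class4 sub.ev.server.sha2.ca.pem
}

# Install certs into global keystore
echo "Adding certs to cacerts keystore (password required)..."
import_all "$security_dir/cacerts"

# If jsse is installed then also put the certs into jssecacerts keystore
if [ -f "$security_dir/jssecacerts" ]; then
  echo "Adding certs to jssecacerts keystore (password required)..."
  import_all "$security_dir/jssecacerts"
fi

# Downloaded certs are removed by the EXIT trap (cleanup).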