@larsfuehrer
Created May 3, 2022 13:17
For https://github.com/tmcallaghan/sysbench-mongodb#requirements: script to convert a PEM to a JKS truststore
#!/bin/bash
# Build a JKS truststore from the Amazon RDS combined CA bundle.
mydir=/home/ec2-user/certs
truststore="${mydir}/rds-truststore.jks"
storepassword=sysbench

mkdir -p "${mydir}"
# awk below writes the rds-ca-*.pem files to the current directory, so work inside ${mydir}.
cd "${mydir}" || exit 1

# -f makes curl fail on an HTTP error instead of saving the error page as the bundle.
curl -fsS "https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem" > "${mydir}/rds-combined-ca-bundle.pem" || exit 1

# Write each certificate in the bundle to its own file (rds-ca-.pem, rds-ca-1.pem, ...).
awk 'split_after == 1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1}{print > "rds-ca-" n ".pem"}' < "${mydir}/rds-combined-ca-bundle.pem"

for CERT in rds-ca-*; do
    # Use the certificate's subject CN as the truststore alias.
    alias=$(openssl x509 -noout -text -in "$CERT" | perl -ne 'next unless /Subject:/; s/.*(CN=|CN = )//; print')
    echo "Importing $alias"
    keytool -import -file "${CERT}" -alias "${alias}" -storepass "${storepassword}" -keystore "${truststore}" -noprompt
    rm "$CERT"
done

rm "${mydir}/rds-combined-ca-bundle.pem"

# List every imported alias with the end of its validity period.
echo "Trust store content is: "
keytool -list -v -keystore "$truststore" -storepass "${storepassword}" | grep Alias | cut -d " " -f3- | while read -r alias
do
    expiry=$(keytool -list -v -keystore "$truststore" -storepass "${storepassword}" -alias "${alias}" | grep Valid | perl -ne 'if(/until: (.*?)\n/) { print "$1\n"; }')
    echo " Certificate ${alias} expires in '$expiry'"
done