pit/old ssl fix

## old ssl fix
apt update
apt install -y --no-install-recommends apt-transport-https ca-certificates curl

cd /tmp
rm /tmp/*.pem
curl -LO https://www.websecurity.symantec.com/content/dam/websitesecurity/support/digicert/thawte/ica/Thawte_TLS_RSA_CA_G1.pem
curl -LO https://www.websecurity.symantec.com/content/dam/websitesecurity/support/digicert/thawte/ica/Thawte_RSA_CA_2018.pem
curl -LO https://www.websecurity.symantec.com/content/dam/websitesecurity/support/digicert/thawte/ica/Thawte_EV_RSA_CA_2018.pem
cp /tmp/*.pem /etc/ssl/certs/

# When will ask for certificates to enable choose all with Digicert/Thawte in their names
dpkg-reconfigure ca-certificates


# One line by one, when will ask for override - say yes
sudo keytool -import -trustcacerts -storepass changeit -file ./Thawte_RSA_CA_2018.pem            -alias Thawte_RSA_CA_2018_v2             -keystore /etc/ssl/certs/java/cacerts
sudo keytool -import -trustcacerts -storepass changeit -file ./Thawte_EV_RSA_CA_2018.pem         -alias Thawte_EV_RSA_CA_2018_v2          -keystore /etc/ssl/certs/java/cacerts
sudo keytool -import -trustcacerts -storepass changeit -file ./Thawte_TLS_RSA_CA_G1.pem          -alias Thawte_TLS_RSA_CA_G1_v2           -keystore /etc/ssl/certs/java/cacerts
sudo keytool -import -trustcacerts -storepass changeit -file ./DigiCertGlobalRootCA.pem          -alias DigiCertGlobalRootCA_v2           -keystore /etc/ssl/certs/java/cacerts
sudo keytool -import -trustcacerts -storepass changeit -file ./DigiCertHighAssuranceEVRootCA.pem -alias DigiCertHighAssuranceEVRootCA_v2  -keystore /etc/ssl/certs/java/cacerts
sudo keytool -import -trustcacerts -storepass changeit -file ./DigiCert_Global_Root_G2.pem       -alias DigiCert_Global_Root_G2_v2        -keystore /etc/ssl/certs/java/cacerts

update-ca-certificates
	apt update
	apt install -y --no-install-recommends apt-transport-https ca-certificates curl

	cd /tmp
	rm /tmp/*.pem
	curl -LO https://www.websecurity.symantec.com/content/dam/websitesecurity/support/digicert/thawte/ica/Thawte_TLS_RSA_CA_G1.pem
	curl -LO https://www.websecurity.symantec.com/content/dam/websitesecurity/support/digicert/thawte/ica/Thawte_RSA_CA_2018.pem
	curl -LO https://www.websecurity.symantec.com/content/dam/websitesecurity/support/digicert/thawte/ica/Thawte_EV_RSA_CA_2018.pem
	cp /tmp/*.pem /etc/ssl/certs/

	# When will ask for certificates to enable choose all with Digicert/Thawte in their names
	dpkg-reconfigure ca-certificates


	# One line by one, when will ask for override - say yes
	sudo keytool -import -trustcacerts -storepass changeit -file ./Thawte_RSA_CA_2018.pem -alias Thawte_RSA_CA_2018_v2 -keystore /etc/ssl/certs/java/cacerts
	sudo keytool -import -trustcacerts -storepass changeit -file ./Thawte_EV_RSA_CA_2018.pem -alias Thawte_EV_RSA_CA_2018_v2 -keystore /etc/ssl/certs/java/cacerts
	sudo keytool -import -trustcacerts -storepass changeit -file ./Thawte_TLS_RSA_CA_G1.pem -alias Thawte_TLS_RSA_CA_G1_v2 -keystore /etc/ssl/certs/java/cacerts
	sudo keytool -import -trustcacerts -storepass changeit -file ./DigiCertGlobalRootCA.pem -alias DigiCertGlobalRootCA_v2 -keystore /etc/ssl/certs/java/cacerts
	sudo keytool -import -trustcacerts -storepass changeit -file ./DigiCertHighAssuranceEVRootCA.pem -alias DigiCertHighAssuranceEVRootCA_v2 -keystore /etc/ssl/certs/java/cacerts
	sudo keytool -import -trustcacerts -storepass changeit -file ./DigiCert_Global_Root_G2.pem -alias DigiCert_Global_Root_G2_v2 -keystore /etc/ssl/certs/java/cacerts

	update-ca-certificates