Skip to content

Instantly share code, notes, and snippets.

@rechner
Created April 23, 2022 08:30
Show Gist options
  • Save rechner/ff972583f017c6941a71c97bf8169b24 to your computer and use it in GitHub Desktop.
Save rechner/ff972583f017c6941a71c97bf8169b24 to your computer and use it in GitHub Desktop.
Installs an IPA root certificate locally
#!/bin/bash
# vim: set ts=4 sw=4 expandtab sts=4 smartindent
set -o pipefail
if [ $UID -ne 0 ]; then
echo "Please run as root"
exit 1
fi
which certutil || apt install -y libnss3-tools
server=ipa.example.com
certname="${server} Root CA"
ca_file="${server}-ca.crt"
curl http://ipa.knot.space/ipa/config/ca.crt > "/tmp/${ca_file}"
mkdir /usr/local/share/ca-certificates/extra
cp "/tmp/${ca_file}" "/usr/local/share/ca-certificates/extra/${ca_file}"
update-ca-certificates
###
### For cert8 (legacy - DBM)
###
for certDB in $(find ~/ -name "cert8.db")
do
certdir=$(dirname ${certDB});
certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i /tmp/${ca_file} -d dbm:${certdir}
done
###
### For cert9 (SQL)
###
for certDB in $(find ~/ -name "cert9.db")
do
certdir=$(dirname ${certDB});
certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i /tmp/${ca_file} -d sql:${certdir}
done
rm "/tmp/${ca_file}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment