@rechner
Created April 23, 2022 08:30
Installs an IPA root certificate locally
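#!/bin/bash
# vim: set ts=4 sw=4 expandtab sts=4 smartindent
set -o pipefail

if [ "$UID" -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi

# certutil is shipped in libnss3-tools
command -v certutil >/dev/null || apt install -y libnss3-tools

server=ipa.example.com    # set this to your IPA server
certname="${server} Root CA"
ca_file="${server}-ca.crt"

# Download to a private temp file rather than a predictable name in /tmp
tmp_ca=$(mktemp) || exit 1
trap 'rm -f "${tmp_ca}"' EXIT

# The CA is fetched over plain HTTP, so the transfer itself is not authenticated.
# -f makes curl fail on an HTTP error instead of saving the error page.
curl -f "http://${server}/ipa/config/ca.crt" > "${tmp_ca}" || exit 1

mkdir -p /usr/local/share/ca-certificates/extra
# mktemp creates the file 0600; install it world-readable like other CA files
install -m 0644 "${tmp_ca}" "/usr/local/share/ca-certificates/extra/${ca_file}"
update-ca-certificates

###
### For cert8 (legacy - DBM)
###
# ~ is the home directory of the user the script runs as (root)
find ~/ -name "cert8.db" -print0 | while IFS= read -r -d '' certDB
do
    certdir=$(dirname "${certDB}")
    certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i "${tmp_ca}" -d "dbm:${certdir}"
done

###
### For cert9 (SQL)
###
find ~/ -name "cert9.db" -print0 | while IFS= read -r -d '' certDB
do
    certdir=$(dirname "${certDB}")
    certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i "${tmp_ca}" -d "sql:${certdir}"
done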
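
The script downloads the CA over plain HTTP and then adds it to the system and NSS trust stores, so a fingerprint check between the download and the install is what authenticates it. The following is an added example, not part of the original gist: the function names are hypothetical, the pinned fingerprint has to be obtained out of band, and the file is assumed to hold a single certificate.

```shell
#!/bin/bash
# Added example: pin the downloaded CA certificate before trusting it.

# Print the SHA-256 fingerprint of the first certificate in a PEM file as
# lowercase hex without colons (empty output if the file does not parse).
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
        | sed -e 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Return 0 only if the file holds exactly one certificate and its SHA-256
# fingerprint equals the pinned value (colons and letter case are ignored).
verify_ca_fingerprint() {
    local pem_file pinned actual count
    pem_file=$1
    pinned=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')

    # openssl x509 reads only the first certificate, while the bundle built by
    # update-ca-certificates concatenates the whole file, so a second
    # certificate appended to the download would escape the fingerprint check.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem_file" 2>/dev/null || true)
    if [ "${count:-0}" != "1" ]; then
        echo "expected 1 certificate, found ${count:-0}" >&2
        return 1
    fi

    actual=$(cert_sha256 "$pem_file")
    # A SHA-256 digest is 64 hex characters; anything else is a parse failure.
    if [ "${#actual}" -ne 64 ]; then
        echo "could not parse certificate" >&2
        return 1
    fi

    if [ "$actual" != "$pinned" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
}

# Usage, before anything is copied or imported (placeholder value shown):
#   verify_ca_fingerprint /path/to/downloaded-ca.crt "<PINNED_SHA256_FINGERPRINT>" || exit 1
```

If the IPA deployment serves a chain of several CA certificates in `ca.crt`, the single-certificate assumption does not hold and each certificate would need its own pinned fingerprint.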