Created
September 17, 2013 08:09
I use DavMail to get KMail to pull e-mail down from the Exchange server at work, but they use certificates that change often (seems like when they reboot the server or something). This pulls down the certificates from the servers (hits it multiple times, as load-balanced servers may use different certificates), checks to make sure they're different…
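#!/bin/bash
#
# Fetch the TLS certificate(s) presented by a load-balanced Exchange/OWA host
# and import every distinct one into a Java keystore as a trusted certificate
# (so DavMail keeps working after the server's certificate rotates), replacing
# any earlier entry that uses the same alias.
#
# Usage: ./script.sh [server]
#   server         host to probe on port 443
#                  (default: exchange-owa-server.mycompany.com)
# Environment:
#   KEYSTORE       keystore to update (default: the Java 7 system cacerts)
#   KEYSTORE_PASS  keystore password (default: "changeit", the cacerts default)
#   MAX_CERTS      how many distinct certificates to look for (default: 2)
#   MAX_ATTEMPTS   how many further connections to try (default: 10)
#
# The certificates are whatever the endpoint presents at fetch time: s_client
# is run without chain verification, so the first connection is trusted as-is
# ("trust on first use"). The SHA-256 fingerprint of each fetched certificate
# is printed so it can be compared with what the server admins publish before
# relying on the imported entries.
#
# Changes from the original: a certificate is now compared against every
# certificate found so far (not only the first one), the first certificate is
# always imported even when fewer than MAX_CERTS distinct ones were found, a
# failed connection is no longer mistaken for a "new" (empty) certificate, and
# the .crt files live in a private temp dir that is removed on exit.

set -uo pipefail

server=${1:-exchange-owa-server.mycompany.com}
keystore=${KEYSTORE:-/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts}
keystore_pass=${KEYSTORE_PASS:-changeit}
max=${MAX_CERTS:-2}                 # distinct certificates we expect to see
max_attempts=${MAX_ATTEMPTS:-10}    # extra connections to make looking for them

workdir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

#######################################
# Fetch the leaf certificate $server presents and store it as PEM.
# Globals:   server (read)
# Arguments: $1 - output file
# Returns:   0 when a certificate was captured, non-zero on connection
#            failure or when the output holds no certificate
#######################################
fetch_cert() {
  local out=$1
  # stdin is closed so s_client exits right after the handshake; -servername
  # sends SNI, which a load balancer may need to pick the right certificate.
  openssl s_client -connect "${server}:443" -servername "$server" </dev/null 2>/dev/null \
    | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$out"
  # An unreachable server leaves the file empty; do not treat that as a cert.
  grep -q -- '-END CERTIFICATE-' "$out"
}

#######################################
# Decide whether a certificate file differs from all known ones.
# Arguments: $1 - candidate file; $2.. - files already accepted
# Returns:   0 when the candidate matches none of the known files
#######################################
is_new_cert() {
  local candidate=$1 known
  shift
  for known in "$@"; do
    cmp -s -- "$candidate" "$known" && return 1
  done
  return 0
}

#######################################
# Print the SHA-256 fingerprint of a PEM certificate for manual comparison.
# Arguments: $1 - certificate file
# Outputs:   one line on stdout
#######################################
print_fingerprint() {
  printf '    %s: ' "${1##*/}"
  openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null || printf '(unreadable)\n'
}

#######################################
# Import one certificate under alias exchange-<n>, replacing an old entry.
# Globals:   keystore, keystore_pass (read)
# Arguments: $1 - certificate file named <n>.crt
# Returns:   0 on success, non-zero when keytool fails to import
#######################################
import_cert() {
  local cert=$1 n alias
  n=${cert##*/}
  n=${n%.crt}
  alias="exchange-$n"
  printf ' ** %s.crt: ' "$n"
  # -list -alias exits non-zero when the alias is absent, which is an exact
  # match (a substring grep on the full listing would match exchange-1 for
  # exchange-10). -storepass is visible in the process list while keytool runs.
  if sudo keytool -list -alias "$alias" -keystore "$keystore" \
      -storepass "$keystore_pass" -noprompt >/dev/null 2>&1; then
    sudo keytool -delete -alias "$alias" -keystore "$keystore" \
      -storepass "$keystore_pass" -noprompt \
      && printf 'removed old Certificate from keystore; '
  fi
  sudo keytool -import -alias "$alias" -keystore "$keystore" \
    -storepass "$keystore_pass" -noprompt -trustcacerts -file "$cert"
}

main() {
  local -a certs=()
  local i first candidate cert

  first="$workdir/0.crt"
  printf ' * Fetching first certificate: '
  if ! fetch_cert "$first"; then
    printf 'failed (no certificate from %s)\n' "$server" >&2
    exit 1
  fi
  certs+=("$first")
  printf '0\n'

  printf ' * Fetching other certificates: '
  for ((i = 1; i <= max_attempts; i++)); do
    sleep 1
    printf '%s' "$i"
    candidate="$workdir/$i.crt"
    if ! fetch_cert "$candidate"; then
      printf '! '                       # connection failed; try again
      rm -f -- "$candidate"
    elif is_new_cert "$candidate" "${certs[@]}"; then
      printf '* '                       # differs from everything seen so far
      certs+=("$candidate")
    else
      printf -- '- '                    # duplicate of a known certificate
      rm -f -- "$candidate"
    fi
    if (( ${#certs[@]} >= max )); then
      printf '\n * Found all necessary certificates: %s\n' "${certs[*]##*/}"
      break
    fi
  done
  if (( ${#certs[@]} < max )); then
    printf '\n * Only %d of %d distinct certificate(s) found; importing those.\n' \
      "${#certs[@]}" "$max"
  fi

  printf ' * Fingerprints (compare against the published values):\n'
  for cert in "${certs[@]}"; do
    print_fingerprint "$cert"
  done

  # Validate sudo once up front so the prompt does not land mid-output.
  sudo -p " > Please enter your password to gain 'sudo' access: " -v || exit 1
  printf " * 'sudo' access granted.\n\n"
  printf ' * Importing certificates...\n'
  for cert in "${certs[@]}"; do
    import_cert "$cert" || { printf 'import of %s failed\n' "${cert##*/}" >&2; exit 1; }
  done
  printf '\n * Complete.\n'
}

main "$@"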