@seawolf
Created September 17, 2013 08:09
I use DavMail to get KMail to pull e-mail down from the Exchange server at work, but they use certificates that change often (seems like when they reboot the server or something). This pulls down the certificates from the servers (hits it multiple times as load-balanced servers may use different certificates), checks to make sure they're different…
#!/bin/bash
#
# Fetch the certificate(s) presented by a load-balanced Exchange server and
# import each distinct one into the Java keystore that DavMail uses.
#
# NOTE: whatever the server presents at fetch time is imported as trusted,
# without a prompt, into the JVM-wide cacerts store.
#
# TODO: make the diff'ing capable of more than two possible certificates!

max_attempts=10
max=2       # how many possible certificates we need to fetch
fetched=""  # numbers of the certificate files we've successfully fetched (those that differ, so one per server)
keystore="/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts"
server="exchange-owa-server.mycompany.com"

# Print the PEM certificate presented by $server (s_client output filtered to the PEM block).
fetch_cert() {
    echo | openssl s_client -connect "${server}:443" 2>&1 |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

echo -n " * Fetching first certificate: "
fetch_cert > 0.crt
if [[ ! -s 0.crt ]]; then
    echo "failed (no certificate received from ${server})"
    exit 1
fi
echo "0"

echo -n " * Fetching other certificates: "
for i in $(seq 1 "$max_attempts"); do
    sleep 1
    echo -n "$i"
    fetch_cert > "$i.crt"
    # Discard failed fetches (empty file) and copies of the first certificate.
    if [[ ! -s "$i.crt" ]] || diff -q 0.crt "$i.crt" > /dev/null; then
        echo -n "- "
        rm "$i.crt"
    else
        echo -n "* "
        fetched="$fetched $i"
    fi
    if [[ $(echo "$fetched" | wc -w) -eq $((max-1)) ]]; then
        echo -e "\n * Found all necessary certificates: 0$fetched"
        break
    fi
done
fetched="0$fetched"  # always import the first certificate, even if no other one was seen

# Prompt for the sudo password once, up front.
sudo -p " > Please enter your password to gain 'sudo' access: " echo -e " * 'sudo' access granted.\n"

echo " * Importing certificates..."
list=$(sudo keytool -list -keystore "$keystore" -storepass changeit -noprompt)
for i in $fetched; do
    echo -n " ** $i.crt: "
    # Replace any certificate left under this alias by a previous run.
    if echo "$list" | grep -q "exchange-$i,"; then
        sudo keytool -delete -alias "exchange-$i" -keystore "$keystore" -storepass changeit -noprompt && \
            echo -n "removed old Certificate from keystore; "
    fi
    sudo keytool -import -alias "exchange-$i" -keystore "$keystore" -storepass changeit -noprompt -trustcacerts -file "$i.crt"
done
echo -e "\n * Complete."