Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
import RDS certificates to java keystore on alpine / osx
#!/usr/bin/env sh
#i tried it and working like charm just have to note make the file .sh chmod +x and you may need sudo to run with permission but be carefull with sudo
#be sure the $JAVA_HOME is configure correctly or make it static as commentedline 7 below
OLDDIR="$PWD"
if [ -z "$CACERTS_FILE" ]; then
# you should have java home configure to point for example /usr/lib/jvm/default-java/jre/lib/security/cacerts
CACERTS_FILE=$JAVA_HOME/jre/lib/security/cacerts
fi
mkdir /tmp/rds-ca && cd /tmp/rds-ca
echo "Downloading RDS certificates..."
curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem > rds-combined-ca-bundle.pem
csplit -sk rds-combined-ca-bundle.pem "/-BEGIN CERTIFICATE-/" "{$(grep -c 'BEGIN CERTIFICATE' rds-combined-ca-bundle.pem | awk '{print $1 - 2}')}"
for CERT in xx*; do
# extract a human-readable alias from the cert
ALIAS=$(openssl x509 -noout -text -in $CERT |
perl -ne 'next unless /Subject:/; s/.*CN=//; print')
echo "importing $ALIAS"
# import the cert into the default java keystore
keytool -import \
-keystore $CACERTS_FILE \
-storepass changeit -noprompt \
-alias "$ALIAS" -file $CERT
done
cd "$OLDDIR"
rm -r /tmp/rds-ca
@reflog
Copy link

reflog commented Jan 2, 2018

Thanks, this was crazy helpful! Couldn't figure out why my code couldn't connect to RDS and your approach fixed it!

@JasonLunn
Copy link

JasonLunn commented Feb 13, 2018

👍

@privatejava
Copy link

privatejava commented Oct 24, 2018

you are awesome !! 👍 👍 👍
Made my day 🍻

@putneyj
Copy link

putneyj commented Dec 19, 2018

Just a heads up, in case anyone else runs into this, the process is slightly different for OpenJDK11, at least on the OpenJDK11 docker image:

https://gist.github.com/putneyj/1f666d9a01505fed678a672d0635713f

@sd65
Copy link

sd65 commented Mar 21, 2019

Thanks for this! I simplified the code using this csplit pattern option :
{*} repeat the previous pattern as many times as possible

So this line become :
csplit -sk rds-combined-ca-bundle.pem "/-BEGIN CERTIFICATE-/" "{*}"
I find it more readable.

@swapnilgangrade01
Copy link

swapnilgangrade01 commented Jul 30, 2021

Hello,
I am using openjdk:8-jdk-alpine alpine image for build. How to install csplit in it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment