Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Download ICP-Brasil certificates and make a bundle
#!/bin/bash
HTTPADDR=http://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/ACcompactado.zip
DEST=/etc/ssl/certs/icp-brasil
mkdir -p ${DEST}
cd ${DEST}
rm -f *.crt
rm -f *.zip
wget "$HTTPADDR"
unzip *.zip
for fn in $(file *.crt|grep data|sed 's/: *data//')
do
mv $fn $fn.der
openssl x509 -inform der -in $fn.der -out $fn
done
#rm *.der
for f in $(ls *.crt); do
dos2unix $f > /dev/null
openssl x509 -text -in $f >> bundle.crt
done
#Ref: http://blog.gendoc.com.br/2012/03/instalando-os-certificados-ac-do-icp-brasil-para-e-cpf-e-e-cnpj/
#Ref: http://www.iti.gov.br/icp-brasil/certificados/188-atualizacao/4530-ac-raiz
<VirtualHost *:443>
(...)
SSLCACertificateFile /etc/ssl/certs/icp-brasil/bundle.crt
(...)
</VirtualHost>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.