@svanellewee
Created November 18, 2021 09:32
Splitting PEM certs and inserting into JKS
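```bash
#!/usr/bin/env bash

# Split a PEM bundle into one file per certificate (cert-00, cert-01, ...).
# Needs GNU csplit for -z and '{*}'.
function split-bundle() {
    local input_file="${1}"
    local prefix="${2:-cert-}"
    csplit -z -f "${prefix}" "${input_file}" '/-----BEGIN CERTIFICATE-----/' '{*}'
}

# Import every split certificate under the current directory into a JKS
# truststore, using the subject common name as the alias.
function new-truststore() {
    local output_jks="${1:-output.jks}"
    local password="${2:-changeit}"
    local prefix="${3:-cert-}"
    local files=() i common_name
    # mapfile keeps paths that contain spaces intact
    mapfile -t files < <(find "$PWD" -iname "${prefix}*" | sort)
    for i in "${files[@]}"
    do
        echo "Adding ${i}"
        # grep -P needs GNU grep; the pattern expects "CN = value" in the subject line
        common_name="$(openssl x509 -in "${i}" -subject -noout | grep -Po "CN = \K([^,]+)")"
        keytool -import -file "${i}" -keystore "${output_jks}" -trustcacerts -alias "${common_name}" -storepass "${password}" -noprompt
    done
}

function create-bundle-truststore() {
    # Resolve the bundle path before changing directory so a relative path still works
    local bundle
    bundle="$(realpath "${1}")"
    # Fresh mktemp directory instead of a fixed, predictable path under /tmp
    local tempdir
    tempdir="$(mktemp -d)"
    pushd "${tempdir}"
    split-bundle "${bundle}"
    new-truststore output.jks
    keytool -keystore output.jks -storepass changeit -list
    popd
    cp "${tempdir}/output.jks" .
    rm -fr "${tempdir}"
}
```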
@svanellewee
Author

Very naive little script. Assumes the header is -----BEGIN CERTIFICATE----- and uses the common name as the JKS alias.
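
Because `csplit` only cuts at each `-----BEGIN CERTIFICATE-----` line, text before the first certificate becomes its own file and anything between certificates (a private key block in a combined PEM, for instance) is carried into the preceding certificate's file. The following is an added example, not part of the gist: a splitter that writes only complete `CERTIFICATE` blocks; the function names and the `NN.pem` output naming are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the gist. Function names and the NN.pem output
# naming are hypothetical.

# extract_cert_blocks <bundle> <outdir> [prefix]
# Writes each complete certificate to <outdir>/<prefix>NN.pem and prints how
# many were written. Runs in a subshell so its variables do not leak.
extract_cert_blocks() (
    bundle="${1}"; outdir="${2}"; prefix="${3:-cert-}"
    awk -v out="${outdir}/${prefix}" '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ {           # start buffering a block
            inside = 1; buf = $0 "\n"; next
        }
        inside && /^-----END CERTIFICATE-----$/ {   # complete block: write it
            file = sprintf("%s%02d.pem", out, n++)
            printf "%s%s\n", buf, $0 > file
            close(file)
            inside = 0; next
        }
        inside && /^-----BEGIN / { inside = 0; next }  # truncated block: drop it
        inside { buf = buf $0 "\n" }                # body line of the current cert
        # Lines outside a CERTIFICATE block (comments, keys) are never written.
        END { print n + 0 }
    ' "${bundle}"
)

# Constructed sample: CRLF bundle with a leading comment and a private key
# block between two certificates. The base64 bodies are placeholders.
make_sample_bundle() {
    printf '%s\r\n' \
        'Bag Attributes: constructed sample' \
        '-----BEGIN CERTIFICATE-----' 'QUFBQQ==' '-----END CERTIFICATE-----' \
        '-----BEGIN PRIVATE KEY-----' 'U0VDUkVU' '-----END PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'QkJCQg==' '-----END CERTIFICATE-----' \
        > "${1}"
}
```

The output files keep the `cert-` prefix, so `new-truststore` picks them up unchanged; a count that differs from the number of certificates expected in the bundle is a signal to inspect the input before importing.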
