Created
August 6, 2015 13:42
-
-
Save turtlebender/76913c02e1168b7c119a to your computer and use it in GitHub Desktop.
Script for adding certificate to java trusted store
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !/bin/bash | |
| # This script will grab the certificate from the specified host and add it to the Java cacerts keystore | |
| function usage | |
| { | |
| printf 'Usage: grab-cert.sh hostname port\n' >&2 | |
| exit 1 | |
| } | |
| if [ `id -u` != "0" ]; then | |
| printf 'You must be running as root to perform this update!\n' >&2 | |
| exit 1 | |
| fi | |
| keytool_command=$(find //usr/lib/jvm/java* -name keytool | head -1) | |
| if [ -z keytool_command ]; then | |
| printf 'Unable to locate the Java keytool command!\n' >&2; | |
| exit 1; | |
| fi | |
| if [ $# -gt 2 ]; then | |
| usage | |
| fi | |
| if [[ "$1" == "-h" || "$1" == "--help" ]]; then | |
| usage | |
| fi | |
| if [ $# -ne 0 ]; then | |
| host=$(echo $1 | cut -f 1 -d':') | |
| port=$(echo $1 | grep ':' | cut -f 2 -d':') | |
| fi | |
| if [ $# -eq 2 ]; then | |
| port=${port:-$2} | |
| fi | |
| while [ -z $host ] | |
| do | |
| read -p 'Enter the hostname where you wish to get the certificate from: ' host | |
| host=$(echo $host | cut -f 2 -d':') | |
| port=$(echo $host | grep ':' | cut -f 2 -d':') | |
| done | |
| if [ -z $port ]; then | |
| read -p 'Enter the port (default is 443): ' port | |
| fi | |
| port=${port:-443} | |
| cacerts_file=(`find /usr/lib/jvm/java* -name cacerts`) | |
| if [ ${#cacerts_file[@]} -gt 1 ] ; then | |
| printf "More than 1 cacerts file was found. You will need to modify this script to process the correct one!!!!\n" | |
| for file in "${cacerts_file[@]}" | |
| do | |
| printf "${file}\n" | |
| done | |
| printf "grab-cert.sh failed!\n\n" | |
| exit 1 | |
| fi | |
| if [ -z $cacerts_file ] ; then | |
| printf 'Could not locate the Java keystore!\n' >&2 | |
| exit 1 | |
| fi | |
| $keytool_command -delete -alias $host -keystore $cacerts_file -storepass changeit > /dev/null 2>&1 | |
| rm -f /tmp/${host}.pem | |
| echo "Grabbing the certificate from the server ${host}:${port} ...." | |
| echo "QUIT" | openssl s_client -connect ${host}:${port} 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/${host}.pem | |
| echo "Importing the certificate into the truststore ${cacerts_file} ...." | |
| $keytool_command -import -noprompt -trustcacerts -alias $host -file /tmp/${host}.pem -keystore $cacerts_file -storepass changeit | |
| rm -f /tmp/${host}.pem | |
| $keytool_command -list -v -keystore $cacerts_file -storepass changeit -alias $host | grep "Alias name:" | sed 's/^ *//' | |
| $keytool_command -list -v -keystore $cacerts_file -storepass changeit -alias $host | grep "IPAddress:" | sed 's/^ *//' | |
| $keytool_command -list -v -keystore $cacerts_file -storepass changeit -alias $host | grep "DNSName:" | sed 's/^ *//' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment