Forked from hedefalk/install-letsencrypt-in-jdk.sh
          
        
    
Last active September 1, 2022 10:40
        
```bash
#!/bin/bash
set -e

# Require the JDK home directory as the first argument
[ $# -eq 0 ] && { echo "Usage: sudo $0 \$(/usr/libexec/java_home -v '1.8*')" ; exit 1; }
JAVA_HOME=$1
KEYSTORE="$JAVA_HOME/jre/lib/security/cacerts"

# Download the Let's Encrypt certificates (DER format)
wget https://letsencrypt.org/certs/letsencryptauthorityx1.der
wget https://letsencrypt.org/certs/letsencryptauthorityx2.der
wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der

# to be idempotent: remove earlier entries, ignoring errors for aliases that do not exist
keytool -delete -alias isrgrootx1 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
keytool -delete -alias isrgrootx2 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
keytool -delete -alias letsencryptauthorityx1 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
keytool -delete -alias letsencryptauthorityx2 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
keytool -delete -alias letsencryptauthorityx3 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true
keytool -delete -alias letsencryptauthorityx4 -keystore "$KEYSTORE" -storepass changeit 2> /dev/null || true

# Import into the JDK trust store ("changeit" is the default cacerts password).
# Note: the isrgrootx1/isrgrootx2 aliases hold the letsencryptauthorityx1/x2 files downloaded above.
keytool -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -importcert -alias isrgrootx1 -file letsencryptauthorityx1.der
keytool -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -importcert -alias isrgrootx2 -file letsencryptauthorityx2.der
keytool -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -importcert -alias letsencryptauthorityx1 -file lets-encrypt-x1-cross-signed.der
keytool -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -importcert -alias letsencryptauthorityx2 -file lets-encrypt-x2-cross-signed.der
keytool -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der
keytool -trustcacerts -keystore "$KEYSTORE" -storepass changeit -noprompt -importcert -alias letsencryptauthorityx4 -file lets-encrypt-x4-cross-signed.der

# Clean up the downloaded files
rm -f letsencryptauthorityx1.der letsencryptauthorityx2.der lets-encrypt-x1-cross-signed.der lets-encrypt-x2-cross-signed.der lets-encrypt-x3-cross-signed.der lets-encrypt-x4-cross-signed.der
```
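The script imports whatever `wget` wrote to disk with `-noprompt`, so nothing compares the file against a known certificate before it becomes a trust anchor. The following is an added example, not part of the original gist: it imports a DER file only when its SHA-256 fingerprint matches a pin obtained out of band. The function names and the `KEYTOOL` override are assumptions of this example, and it assumes `sha256sum` is available (`shasum -a 256` is the macOS equivalent).

```shell
#!/bin/bash
# Added example: gate keytool -importcert on a pinned SHA-256 fingerprint.

# Normalise a fingerprint to lowercase hex without separators, so a value
# copied in AA:BB:... form compares equal to sha256sum output.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# The SHA-256 fingerprint of a DER certificate is the SHA-256 of the file bytes.
der_fingerprint() {
  sha256sum "$1" | cut -d' ' -f1
}

# import_pinned <keystore> <alias> <der-file> <expected-sha256>
# Returns 0 after a successful import, 1 on fingerprint mismatch, 2 on bad input.
# KEYTOOL (hypothetical override) lets the import command be replaced in tests.
import_pinned() {
  local keystore=$1 alias=$2 file=$3 expected actual
  expected=$(normalize_fp "$4")
  # A SHA-256 pin is exactly 64 hex digits; reject anything else up front
  case "$expected" in
    *[!0-9a-f]*|'') echo "bad pin for $alias" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "bad pin length for $alias" >&2; return 2; }
  # A failed download can leave a missing or empty file behind
  [ -s "$file" ] || { echo "missing or empty file: $file" >&2; return 2; }
  actual=$(der_fingerprint "$file")
  if [ "$actual" != "$expected" ]; then
    echo "fingerprint mismatch for $alias: got $actual" >&2
    return 1
  fi
  "${KEYTOOL:-keytool}" -importcert -trustcacerts -noprompt \
    -keystore "$keystore" -storepass changeit -alias "$alias" -file "$file"
}
```

Called as `import_pinned "$KEYSTORE" <alias> <file>.der <pin>`, it would replace each `keytool ... -importcert` line; the pin values themselves must come from a source you trust and are not given on this page.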
@Firefishy I have a version for Jenkins users: install_lets-encrypt_jenkins-jdks.sh

The keytool version I have requires changing the option -importcert to -import.

If you are using Debian, you can use the following package: https://packages.debian.org/de/stretch/ca-certificates-java, link the trust store of your JVM to that one and use the update-ca-certificates tool to integrate custom certificates.
But there is a big chance that, after using ca-certificates-java, you don't need to add those certificates manually anyway.
  
@JuniorBatista Yes, you will have to restart any Java processes that need to use the new certs.