-
-
Save fdxxw/756f0ac5e07acbfb0cc14144ae21cf70 to your computer and use it in GitHub Desktop.
Let's Encrypt Java Certs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| download_cert() { | |
| URL="https://letsencrypt.org/certs/${1}.der" | |
| wget --quiet --no-clobber $URL | |
| } | |
| import_cert() { | |
| CERT=$1 | |
| CERT_ALIAS=$2 | |
| if [ -z "$CERT_ALIAS" ]; | |
| then | |
| CERT_ALIAS=${CERT%%.*} | |
| fi | |
| keytool -importcert -noprompt -trustcacerts \ | |
| -keystore "$KEYSTORE" -storepass changeit \ | |
| -alias "$CERT_ALIAS" -file "$CERT" | |
| } | |
| if [ -z "$JAVA_HOME" ]; | |
| then | |
| echo "JAVA_HOME not set" | |
| exit 1 | |
| fi | |
| read -p "Updating keystore for JRE located at $JAVA_HOME. Is this correct? [y/N]: " -n 1 -r | |
| echo | |
| if [[ ! $REPLY =~ ^[Yy]$ ]] | |
| then | |
| echo "Cancelled" | |
| exit 1 | |
| fi | |
| #KEYSTORE="$JAVA_HOME/jre/lib/security/cacerts" | |
| echo "Downloading certificates..." | |
| download_cert isrgrootx1 | |
| download_cert lets-encrypt-x1-cross-signed | |
| download_cert lets-encrypt-x2-cross-signed | |
| download_cert lets-encrypt-x3-cross-signed | |
| download_cert lets-encrypt-x4-cross-signed | |
| echo "Importing root certificate..." | |
| import_cert isrgrootx1.der lets-encrypt-isrgrootx1 | |
| echo "Import cross-signed certificate 1..." | |
| import_cert lets-encrypt-x1-cross-signed.der | |
| echo "Import cross-signed certificate 2..." | |
| import_cert lets-encrypt-x2-cross-signed.der | |
| echo "Import cross-signed certificate 3..." | |
| import_cert lets-encrypt-x3-cross-signed.der | |
| echo "Import cross-signed certificate 4..." | |
| import_cert lets-encrypt-x4-cross-signed.der | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment