Revisions
rac3rx revised this gist
Apr 14, 2022 . 1 changed file with 8 additions and 1 deletion.
@@ -29,7 +29,14 @@ main() { exit 1 } # Verify if CA TRUST is EMPTY if not BACKUP if [ -d /etc/pki/ca-trust/source/anchors/ ] && [ -n "$(ls -A /etc/pki/ca-trust/source/anchors/)" ]; then echo "NOT-EMPTY"; find /etc/pki/ca-trust/source/anchors/ -type f -iregex '.*\.p7b$' -exec echo {} {}.BACKUP-`date +%s` \;; else echo "EMPTY"; fi # Download and extract the bundle cd $certdir wget -qP tmp $bundle unzip -qj tmp/${bundle##*/} -d tmp
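Review bot: The backup step added under `# Verify if CA TRUST is EMPTY if not BACKUP` copies nothing, because `-exec echo {} {}.BACKUP-...` only prints the source and intended target names, so existing anchors are unprotected when the script later writes into the store. The check is also hard-wired to `/etc/pki/ca-trust/source/anchors/` and filters on `.p7b`, while other revisions on this page select the store through `$certdir` and install `.crt` files, so on a non-RHEL layout it would most likely just report EMPTY. Consider `find "$certdir" -type f -name '*.crt' -exec cp -p -- {} "$backupdir"/ \;`, with `backupdir` created outside the store, since copies left inside the anchors directory may themselves be read as trust anchors by the update tool. `main()` starts and continues outside this hunk.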
rac3rx revised this gist
Apr 13, 2022 . 1 changed file with 1 addition and 1 deletion.
@@ -4,7 +4,7 @@ main() { # Location of bundle from DISA site url='https://public.cyber.mil/pki-pke/pkipke-document-library/' bundle=$(curl -s $url | awk -F '"' 'tolower($2) ~ /dod\.zip/ {print $2}') #bundle=https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_v5-6_dod.zip # Set cert directory and update command based on OS
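Review bot: The download URL in `bundle=$(curl -s $url | awk ...)` is whatever quoted attribute on the scraped page contains `dod.zip`, and nothing checks its host, that exactly one link matched, or that curl succeeded before the value reaches `wget` and the trust store. Escaping the dot narrows the pattern slightly, but an empty result or several matching lines still flow through unquoted. Pinning the match to the host already named in the commented-out fallback and failing closed would help: `tolower($2) ~ /^https:\/\/dl\.dod\.cyber\.mil\/.*dod\.zip$/ {print $2; exit}` followed by `[[ -n $bundle ]] || { echo 'DoD bundle link not found' >&2; exit 1; }`. The same line appears in the Jul 28, 2021 and Apr 23, 2020 revisions below, and `main()` extends beyond this hunk.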
AfroThundr3007730 revised this gist
Jul 28, 2021 . 1 changed file with 1 addition and 1 deletion.
@@ -4,7 +4,7 @@ main() { # Location of bundle from DISA site url='https://public.cyber.mil/pki-pke/pkipke-document-library/' bundle=$(curl -s $url | awk -F '"' 'tolower($2) ~ /dod.zip/ {print $2}') #bundle=https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_v5-6_dod.zip # Set cert directory and update command based on OS
AfroThundr3007730 revised this gist
Apr 23, 2020 . 1 changed file with 3 additions and 1 deletion.
@@ -3,7 +3,9 @@ main() { # Location of bundle from DISA site url='https://public.cyber.mil/pki-pke/pkipke-document-library/' bundle=$(curl -s $url | awk -F '"' '/dod.zip/ {print $2}') #bundle=https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_v5-6_dod.zip # Set cert directory and update command based on OS source /etc/os-release
AfroThundr3007730 revised this gist
Apr 23, 2020 . 1 changed file with 49 additions and 39 deletions.
@@ -1,43 +1,53 @@ #!/bin/bash # Import DoD root certificates into linux CA store main() { # Location of bundle from DISA site bundle=https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_v5-6_dod.zip # Set cert directory and update command based on OS source /etc/os-release if [[ $ID =~ (fedora|rhel|centos) || $ID_LIKE =~ (fedora|rhel|centos) ]]; then certdir=/etc/pki/ca-trust/source/anchors update=update-ca-trust elif [[ $ID =~ (debian|ubuntu|mint) || $ID_LIKE =~ (debian|ubuntu|mint) ]]; then certdir=/usr/local/share/ca-certificates update=update-ca-certificates else certdir=$1 update=$2 fi [[ -n $certdir && -n $update ]] || { echo 'Unable to autodetect OS using /etc/os-release.' echo 'Please provide CA certificate directory and update command.' echo 'Example: add-dod-certs.sh /cert/store/location update-cmd' exit 1 } # Extract the bundle cd $certdir wget -qP tmp $bundle unzip -qj tmp/${bundle##*/} -d tmp # Convert the PKCS#7 bundle into individual PEM files openssl pkcs7 -print_certs -in tmp/*.pem.p7b | awk 'BEGIN {c=0} /subject=/ {c++} {print > "cert." c ".pem"}' # Rename the files based on the CA name for i in *.pem; do name=$(openssl x509 -noout -subject -in $i | awk -F '(=|= )' '{gsub(/ /, "_", $NF); print $NF}' ) mv $i ${name}.crt done # Remove temp files and update certificate stores rm -fr tmp $update } # Only execute if not being sourced [[ ${BASH_SOURCE[0]} == "$0" ]] && main "$@"
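Review bot: `cd $certdir` is unquoted and its result is never checked, so if the directory is missing (most likely on the fallback branch where `certdir=$1`), the `wget`, the `openssl`/`awk` split, the rename loop and `rm -fr tmp` all run in the caller's working directory and `$update` still executes. With the body now inside `main()`, a guard such as `cd "$certdir" || { echo "cannot cd to $certdir" >&2; exit 1; }` is a one-line fix. Staging the download in a `mktemp -d` directory rather than a fixed `tmp` under the trust store would also avoid reusing or deleting a pre-existing `tmp` there. The same sequence is present in the original Apr 4, 2020 revision.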
AfroThundr3007730 revised this gist
Apr 23, 2020 . 1 changed file with 24 additions and 4 deletions.
@@ -1,8 +1,26 @@ #!/bin/bash # Import DoD root certificates into linux CA store # Set cert directory and update command based on OS source /etc/os-release if [[ $ID =~ (fedora|rhel|centos) || $ID_LIKE =~ (fedora|rhel|centos) ]]; then certdir=/etc/pki/ca-trust/source/anchors update=update-ca-trust elif [[ $ID =~ (debian|ubuntu|mint) || $ID_LIKE =~ (debian|ubuntu|mint) ]]; then certdir=/usr/local/share/ca-certificates update=update-ca-certificates else certdir=$1 update=$2 fi [[ -n $certdir && -n $update ]] || { echo 'Unable to autodetect OS using /etc/os-release.' echo 'Please provide CA certificate directory and update command.' echo 'Example: add-dod-certs.sh /etc/cert/location update-cmd' exit 1 } # Location of bundle from DISA site bundle=https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_v5-6_dod.zip # Extract the bundle @@ -14,10 +32,12 @@ openssl pkcs7 -print_certs -in tmp/*.pem.p7b | awk 'BEGIN {c=0} /subject=/ {c++} {print > "cert." c ".pem"}' # Rename the files based on the CA name for i in *.pem; do name=$(openssl x509 -noout -subject -in $i | awk -F '(=|= )' '{gsub(/ /, "_", $NF); print $NF}' ) mv $i ${name}.crt done # Remove temp files rm -fr tmp # Update the certificate stores $update
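Review bot: In the rename loop, `name` is built from the certificate's subject text and then used unquoted in `mv $i ${name}.crt`, so a subject field containing `/` or glob characters changes where the file lands, and two certificates whose last subject field is identical silently overwrite one another. Quote both operands and restrict the name to a safe character set, e.g. `name=${name//[^A-Za-z0-9._-]/_}` then `mv -- "$i" "${name}.crt"`, with an existence check before the move so a collision is reported. These files are about to become system trust anchors, so a dropped or misplaced entry is worth detecting rather than ignoring. The loop is carried unchanged into the later `main()` refactor.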
AfroThundr3007730 revised this gist
Apr 4, 2020 . 1 changed file with 3 additions and 2 deletions.
@@ -1,4 +1,5 @@ #!/bin/bash # Import DoD root certificates into linux CA store # Directory where locally added CA certs go certdir=/usr/local/share/ca-certificates @@ -10,10 +11,10 @@ wget -qP tmp $bundle unzip -qj tmp/${bundle##*/} -d tmp # Convert the PKCS#7 bundle into individual PEM files openssl pkcs7 -print_certs -in tmp/*.pem.p7b | awk 'BEGIN {c=0} /subject=/ {c++} {print > "cert." c ".pem"}' # Rename the files based on the CA name for i in *.pem; do name=$(awk -F 'CN = ' 'NR==1 {gsub(/ /, "_", $2); print $2}' $i) mv $i ${name}.crt done # Remove temp files
AfroThundr3007730 created this gist
Apr 4, 2020 .
@@ -0,0 +1,22 @@ #!/bin/bash # Directory where locally added CA certs go certdir=/usr/local/share/ca-certificates # Location of bundle from DISA site bundle=https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_v5-6_dod.zip # Extract the bundle cd $certdir wget -qP tmp $bundle unzip -qj tmp/${bundle##*/} -d tmp # Convert the PKCS#7 bundle into individual PEM files openssl pkcs7 -print_certs -in tmp/*.pem.p7b | awk 'BEGIN {c=0;} /subject=/{c++} { print > "cert." c ".pem"}' # Rename the files based on the CA name for i in *.pem; do name=$(head -1 $i | awk -F'CN = ' '{print $2}' | tr ' ' '_') mv $i ${name}.crt done # Remove temp files rm -fr tmp # Update the certificate stores update-ca-certificates
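Review bot: Nothing stops the script after a failed step, so if `wget -q` or `unzip -q` fails quietly the `openssl pkcs7` call has no usable input, yet `update-ca-certificates` still runs against whatever is in the directory. Adding `set -euo pipefail` directly after the shebang makes the import fail closed instead of half-applied. The bundle is also trusted on TLS alone; since its contents become system-wide trust anchors, consider verifying it against a checksum or signature obtained out of band before converting it.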