Created
February 3, 2012 10:15
-
-
Save aaronzirbes/1729503 to your computer and use it in GitHub Desktop.
This will add a web server's SSL certificate to your Ubuntu System-wide keystore
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| host=$1 | |
| port=$2 | |
| # Make sure we got the host name | |
| if (( ${#host} == 0 )); then | |
| echo "usage: $0 <hostname> [port]" | |
| exit 1 | |
| elif (( ${#port} == 0 )); then | |
| # Set default port if it wasn't passed | |
| port=443 | |
| fi | |
| # Check for root/sudo access | |
| if ( ! sudo -n echo -n ''); then | |
| echo "This script requires root access to run. please run:" | |
| echo " sudo $0 $host $port" | |
| fi | |
| # Make sure ca-certificates-java is installed | |
| if (dpkg -s ca-certificates-java 2> /dev/null > /dev/null); then | |
| sudo apt-get install -y ca-certificates-java | |
| fi | |
| # check for local ca-certificates folder | |
| if [ ! -d /usr/share/ca-certificates/local ]; then | |
| sudo mkdir /usr/share/ca-certificates/local/ | |
| fi | |
| # Get the certificate, and write it to a file | |
| echo "" | openssl s_client -showcerts -host ${host} -port ${port} 2> /dev/null \ | |
| | openssl x509 | sudo tee /usr/share/ca-certificates/local/$host.crt | |
| # add the new file to the configuration | |
| echo "local/$host.crt" | sudo tee -a /etc/ca-certificates.conf | |
| # run update-ca-certificates | |
| sudo update-ca-certificates |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment