Last active
April 14, 2021 08:59
-
-
Save hedefalk/9442c224e7de4739e8cee6b7e88c4d7f to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| JAVA_HOME=${1-text} | |
| [ $# -eq 0 ] && { echo "Usage: sudo $0 \$(/usr/libexec/java_home -v '1.8*')" ; exit 1; } | |
| KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts | |
| wget https://letsencrypt.org/certs/isrgrootx1.pem | |
| wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der | |
| wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der | |
| # to be idempotent | |
| keytool -delete -alias isrgrootx1 -keystore $KEYSTORE -storepass changeit 2> /dev/null | |
| keytool -delete -alias letsencryptauthorityx3 -keystore $KEYSTORE -storepass changeit 2> /dev/null | |
| keytool -delete -alias letsencryptauthorityx4 -keystore $KEYSTORE -storepass changeit 2> /dev/null | |
| keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias isrgrootx1 -file isrgrootx1.pem | |
| keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der | |
| keytool -trustcacerts -keystore $KEYSTORE -storepass changeit -noprompt -importcert -alias letsencryptauthorityx4 -file lets-encrypt-x4-cross-signed.der | |
| rm isrgrootx1.pem lets-encrypt-x3-cross-signed.der lets-encrypt-x4-cross-signed.der |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'd recommend importing X1 + X2 + X3 + X4 and both roots. Also the idempotent commands should not kill the script if running with set -e
See: https://gist.github.com/Firefishy/109b0f1a90156f6c933a50fe40aa777e