Skip to content

Instantly share code, notes, and snippets.

@ivansharamok
Created October 25, 2017 05:05
Show Gist options
  • Save ivansharamok/552e51305849a9940eac2e5f0326bacf to your computer and use it in GitHub Desktop.
Save ivansharamok/552e51305849a9940eac2e5f0326bacf to your computer and use it in GitHub Desktop.
<#
.Synopsis
Get Solr SSL cert from docker container and install it into local Windows machine.
.Example
.\import-docker-solrssl.ps1 -DockerContainer sc90-solr66 -InstallCert
.Example
.\import-docker-solrssl.ps1 -DockerContainer sc90-solr66 -KeystoreFile ./solr-ssl.keystore.jsk -InstallCert
#>
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)] $DockerContainer,
[Parameter(Mandatory=$false)] $KeystoreFile='solr-ssl.keystore.jks',
[Parameter(Mandatory=$false)] $KeystorePassword='secret',
[switch] $InstallCert,
[switch] $Clobber
)
$Error.Clear()
Trap
{
Write-Error $_.ErrorDetails.Message
Write-Error $_.InvocationInfo.PositionMessage
Write-Error $_.CategoryInfo.ToString()
Write-Error $_.FullyQualifiedErrorId
$e = $_.Exception
while ($e.InnerException) {
$e = $e.InnerException
$msg += "`n" + $e.Message
}
break;
}
$P12Path = [IO.Path]::ChangeExtension($KeystoreFile, 'p12')
if((Test-Path $P12Path)) {
if($Clobber) {
Write-Host "Removing $P12Path..."
Remove-Item $P12Path
} else {
$P12Path = Resolve-Path $P12Path
Write-Error "Keystore file $P12Path already existed. To regenerate it, pass -Clobber."
}
}
else {
$P12Path = Join-Path $PSScriptRoot $P12Path
}
Write-Verbose "p12 path `'$P12Path`'"
# get cert from docker container
# cert location in docker: /opt/solr/server/etc/solr-ssl.keystore.jks
$dockerPath = $("$DockerContainer`:/opt/solr/server/etc/$KeystoreFile")
Write-Verbose "First arg: $dockerPath"
& docker cp $dockerPath $PSScriptRoot
$certPath = Join-Path $PSScriptRoot $KeystoreFile
if (Test-Path $certPath){
Write-Verbose "Cert `'$certPath`' has been copied successfully."
}
else {
Write-Verbose "Cannot find cert at location `'$certPath`'"
}
try {
# requires JAVA_HOME to be in the PATH environment variable
$keytool = (Get-Command 'keytool.exe').Source
} catch {
$keytool = Read-Host "keytool.exe not on path. Enter path to keytool (found in JRE bin folder)"
if([string]::IsNullOrEmpty($keytool) -or -not (Test-Path $keytool)) {
Write-Error "Keytool path was invalid."
}
}
Write-Host ''
Write-Host 'Generating .p12 to import to Windows...'
& $keytool -importkeystore -srckeystore $certPath -destkeystore $P12Path -srcstoretype jks -deststoretype pkcs12 -srcstorepass $KeystorePassword -deststorepass $KeystorePassword
if ($InstallCert) {
Write-Host ''
Write-Host 'Trusting generated SSL certificate...'
Write-Verbose "Installing cert `'$P12Path`'"
$secureStringKeystorePassword = ConvertTo-SecureString -String $KeystorePassword -Force -AsPlainText
$root = Import-PfxCertificate -FilePath $P12Path -Password $secureStringKeystorePassword -CertStoreLocation Cert:\LocalMachine\Root
Write-Host "Solr SSL certificate was imported from docker container `'$DockerContainer`' and is now locally trusted. (added as root CA)"
}
@adoprog
Copy link

adoprog commented Nov 17, 2017

In the .Example section there is a misprint - .jsk should be changed to .jks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment