ivuorinen · February 17, 2020 13:48
diff --git a/install-letsencrypt-to-older-jre.sh b/install-letsencrypt-to-older-jre.sh
 #!/bin/bash
 set -e

 STORE_PASS=changeit

 JAVA_HOME=${1-text}
 [ $# -eq 0 ] && { echo "Usage: sudo $0 \$(/usr/libexec/java_home -v '1.8*')" ; exit 1; }

 KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts

 wget https://letsencrypt.org/certs/letsencryptauthorityx1.der
 wget https://letsencrypt.org/certs/letsencryptauthorityx2.der
 wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der
 wget https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der
 wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
 wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der

 # to be idempotent
 "$JAVA_HOME"/jre/bin/keytool -delete -alias isrgrootx1 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null || true
 "$JAVA_HOME"/jre/bin/keytool -delete -alias isrgrootx2 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null || true
 "$JAVA_HOME"/jre/bin/keytool -delete -alias letsencryptauthorityx1 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null || true
 "$JAVA_HOME"/jre/bin/keytool -delete -alias letsencryptauthorityx2 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null || true
 "$JAVA_HOME"/jre/bin/keytool -delete -alias letsencryptauthorityx3 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null || true
 "$JAVA_HOME"/jre/bin/keytool -delete -alias letsencryptauthorityx4 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null || true

 "$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias isrgrootx1 -file letsencryptauthorityx1.der
 "$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias isrgrootx2 -file letsencryptauthorityx2.der
 "$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias letsencryptauthorityx1 -file lets-encrypt-x1-cross-signed.der
 "$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias letsencryptauthorityx2 -file lets-encrypt-x2-cross-signed.der
 "$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der
 "$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias letsencryptauthorityx4 -file lets-encrypt-x4-cross-signed.der

 rm -f letsencryptauthorityx1.der letsencryptauthorityx2.der lets-encrypt-x1-cross-signed.der lets-encrypt-x2-cross-signed.der lets-encrypt-x3-cross-signed.der lets-encrypt-x4-cross-signed.der
	#!/bin/bash
	set -e

	STORE_PASS=changeit

	JAVA_HOME=${1-text}
	[ $# -eq 0 ] && { echo "Usage: sudo $0 \$(/usr/libexec/java_home -v '1.8*')" ; exit 1; }

	KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts

	wget https://letsencrypt.org/certs/letsencryptauthorityx1.der
	wget https://letsencrypt.org/certs/letsencryptauthorityx2.der
	wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der
	wget https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der
	wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der
	wget https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der

	# to be idempotent
	"$JAVA_HOME"/jre/bin/keytool -delete -alias isrgrootx1 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null \|\| true
	"$JAVA_HOME"/jre/bin/keytool -delete -alias isrgrootx2 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null \|\| true
	"$JAVA_HOME"/jre/bin/keytool -delete -alias letsencryptauthorityx1 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null \|\| true
	"$JAVA_HOME"/jre/bin/keytool -delete -alias letsencryptauthorityx2 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null \|\| true
	"$JAVA_HOME"/jre/bin/keytool -delete -alias letsencryptauthorityx3 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null \|\| true
	"$JAVA_HOME"/jre/bin/keytool -delete -alias letsencryptauthorityx4 -keystore "$KEYSTORE" -storepass $STORE_PASS 2> /dev/null \|\| true

	"$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias isrgrootx1 -file letsencryptauthorityx1.der
	"$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias isrgrootx2 -file letsencryptauthorityx2.der
	"$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias letsencryptauthorityx1 -file lets-encrypt-x1-cross-signed.der
	"$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias letsencryptauthorityx2 -file lets-encrypt-x2-cross-signed.der
	"$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias letsencryptauthorityx3 -file lets-encrypt-x3-cross-signed.der
	"$JAVA_HOME"/jre/bin/keytool -trustcacerts -keystore "$KEYSTORE" -storepass $STORE_PASS -noprompt -importcert -alias letsencryptauthorityx4 -file lets-encrypt-x4-cross-signed.der

	rm -f letsencryptauthorityx1.der letsencryptauthorityx2.der lets-encrypt-x1-cross-signed.der lets-encrypt-x2-cross-signed.der lets-encrypt-x3-cross-signed.der lets-encrypt-x4-cross-signed.der