
@landonf
Last active March 3, 2023 08:54
opendj certificate configuration
#!/bin/sh
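# Parse the command line into the globals the rest of the script reads:
#   -p <pkcs12>      -> PKCS12
#   -c <cert>        -> CERT
#   -a <ca cert>     -> CA_CERT
#   -t <type>        -> TYPE
#   -o <opendj_dir>  -> OPENDJ_DIR
#
# Uses the POSIX getopts builtin instead of getopt(1) fed with an unquoted $*.
# The old form re-split every value on whitespace (and glob-expanded it), so a
# path containing a space was cut apart, and its for-loop examined option
# values as well as flags, so a value that looked like a flag (for example a
# file named "-p") could be taken for one.
#
# Arguments: the script's arguments ("$@")
# Returns:   0 on success, 2 on an unknown option or a missing option value
parse_args() {
  OPTIND=1 # restart option scanning for this argument list
  while getopts ':p:c:t:o:a:' _opt; do
    case "${_opt}" in
      p) PKCS12="${OPTARG}" ;;
      c) CERT="${OPTARG}" ;;
      a) CA_CERT="${OPTARG}" ;;
      t) TYPE="${OPTARG}" ;;
      o) OPENDJ_DIR="${OPTARG}" ;;
      :)
        echo "Option -${OPTARG} requires an argument" >&2
        return 2
        ;;
      \?)
        echo "Unknown option -${OPTARG}" >&2
        return 2
        ;;
    esac
  done
  return 0
}

# usage() is defined further down the script, so the synopsis is printed
# inline here; exit status 2 matches the original behaviour on a bad option.
parse_args "$@" || {
  echo "Usage: -t <type> -a <ca cert> -c <cert> -p <pkcs12> -o <opendj_dir>" >&2
  exit 2
}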
# Print the option synopsis followed by the accepted -t values, one line
# each, on standard output.
usage() {
  printf '%s\n' \
    "Usage: -t <type> -a <ca cert> -c <cert> -p <pkcs12> -o <opendj_dir>" \
    "Supported types: admin ads server"
}
# Every option is mandatory: show the usage text and stop with status 1 as
# soon as one of the five values is missing or empty. The values are checked
# in the order TYPE, CERT, CA_CERT, PKCS12, OPENDJ_DIR.
for required_value in "${TYPE}" "${CERT}" "${CA_CERT}" "${PKCS12}" "${OPENDJ_DIR}"; do
  [ -n "${required_value}" ] && continue
  usage
  exit 1
done
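# Map the requested certificate type (-t) to the keystore alias that holds
# its key (ALIAS) and to the file-name prefix of its keystore, truststore and
# pin files under ${OPENDJ_DIR}/config (STORE_PREFIX).
#
# An unrecognised type stops the script here. Before, the message was printed
# and execution carried on with ALIAS and STORE_PREFIX unset, so the keytool
# commands below ran with an empty alias against the un-prefixed stores, the
# same files the "server" type uses, and rewrote their "authority" entries.
case "${TYPE}" in
  admin)
    ALIAS="admin-cert"
    STORE_PREFIX="admin-"
    ;;
  ads)
    ALIAS="ads-certificate"
    STORE_PREFIX="ads-"
    ;;
  server)
    ALIAS="server-cert"
    STORE_PREFIX=""
    ;;
  *)
    echo "Unknown type ${TYPE}. Choose one of 'admin', 'ads', or 'server'" >&2
    exit 1
    ;;
esac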
# Both stores for the selected type must already exist as regular files under
# ${OPENDJ_DIR}/config; this script only replaces entries inside them. The
# keystore is checked first, then the truststore.
for store_kind in keystore truststore; do
  [ -f "${OPENDJ_DIR}/config/${STORE_PREFIX}${store_kind}" ] && continue
  echo "Can't find config/${STORE_PREFIX}${store_kind}" in "${OPENDJ_DIR}"
  exit 1
done
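# Replace the certificate material for the selected type.
#
# Reads (all set earlier in the script): OPENDJ_DIR, STORE_PREFIX, ALIAS,
# CA_CERT, PKCS12.
#
# Steps: drop the old entries, import the CA certificate under the alias
# "authority" into both stores, copy the key entry out of the PKCS#12 bundle,
# rename it to ${ALIAS}, then set its key password to the store pin.
keystore="${OPENDJ_DIR}/config/${STORE_PREFIX}keystore"
truststore="${OPENDJ_DIR}/config/${STORE_PREFIX}truststore"
# The same pin file supplies the password for both stores.
pin_file="${OPENDJ_DIR}/config/${STORE_PREFIX}keystore.pin"

# Check every input before anything is deleted, so a mistyped path cannot
# leave the stores stripped of their current entries with nothing to import.
for input_file in "${pin_file}" "${CA_CERT}" "${PKCS12}"; do
  if [ ! -r "${input_file}" ]; then
    echo "Can't read ${input_file}" >&2
    exit 1
  fi
done

# The store password is handed to keytool with the :file modifier
# (-storepass:file <path>), so keytool reads it from the pin file itself and
# the pin does not appear on the command line, where other local users could
# see it in the process list. The :file modifier is part of keytool's
# documented option syntax; a very old JDK may not accept it.
#
# The pin is still needed by value once, for "-keypasswd -new" below. Read
# the first line only. NOTE(review): this assumes the pin file holds a single
# line and that keytool's :file modifier uses the same line - confirm.
store_pin=""
IFS= read -r store_pin <"${pin_file}"
if [ -z "${store_pin}" ]; then
  echo "Empty pin file ${pin_file}" >&2
  exit 1
fi

# Delete existing entries. Best effort: an alias that is not present makes
# keytool report an error, which is expected on a first run and is ignored.
keytool -delete -alias "${ALIAS}" -keystore "${keystore}" -storepass:file "${pin_file}"
keytool -delete -alias "${ALIAS}" -keystore "${truststore}" -storepass:file "${pin_file}"
keytool -delete -alias "authority" -keystore "${truststore}" -storepass:file "${pin_file}"
keytool -delete -alias "authority" -keystore "${keystore}" -storepass:file "${pin_file}"

# Add CA certificate. -noprompt is not given, so keytool may ask the operator
# to confirm the certificate before it is trusted. From here on a failed step
# stops the script instead of continuing with a half-populated store.
keytool -import -trustcacerts -alias "authority" -keystore "${truststore}" \
  -storepass:file "${pin_file}" -file "${CA_CERT}" || {
  echo "keytool failed: CA certificate import into ${truststore}" >&2
  exit 1
}
keytool -import -trustcacerts -alias "authority" -keystore "${keystore}" \
  -storepass:file "${pin_file}" -file "${CA_CERT}" || {
  echo "keytool failed: CA certificate import into ${keystore}" >&2
  exit 1
}
# Disabled in the original script; it is the only place the -c <cert> value
# (CERT) is referenced, although the option checks still require it.
#keytool -import -alias "${ALIAS}" -keystore "${truststore}" -storepass:file "${pin_file}" -file "${CERT}"

# Add certificate. The PKCS#12 bundle is expected to be protected with the
# literal password "changeit" and to hold the key under alias "1"; both are
# assumptions carried over from the original script - confirm how the bundle
# was produced. Because that password is a fixed, well-known string, treat
# the bundle file as unprotected: keep its permissions tight and remove it
# once the import has succeeded.
keytool -importkeystore -alias 1 -keystore "${keystore}" \
  -storepass:file "${pin_file}" -srcstorepass changeit -srcstoretype PKCS12 \
  -srckeystore "${PKCS12}" || {
  echo "keytool failed: import of ${PKCS12} into ${keystore}" >&2
  exit 1
}
keytool -changealias -alias 1 -destalias "${ALIAS}" -keystore "${keystore}" \
  -storepass:file "${pin_file}" -keypass changeit || {
  echo "keytool failed: rename of alias 1 to ${ALIAS}" >&2
  exit 1
}
# Switch the key password from "changeit" to the store pin. -new is still
# passed by value, so the pin is visible in the process list while this one
# command runs. NOTE(review): keytool's documentation lists the :file modifier
# for -storepass, -keypass and -srcstorepass; check whether your JDK also
# honours it on -new before switching this to -new:file.
keytool -keypasswd -keypass changeit -new "${store_pin}" -alias "${ALIAS}" \
  -keystore "${keystore}" -storepass:file "${pin_file}" || {
  echo "keytool failed: key password change for ${ALIAS}" >&2
  exit 1
}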

westwin commented May 3, 2017

nice. I have another script to convert x509 cert to p12, as keytool can not import an x509 cert.
