Last active: February 14, 2018 09:38
Gist: seanorama/4943ac9020e61919a1c4f31a02961f37
Shell script to fetch and trust the CA certificate from hosts
```bash
#!/usr/bin/env bash
##
## Shell script to fetch and trust the CA certificate from hosts
## - Used on EL6,EL7,AmazonLinux.
## - Should work on others with a change of package installation
##   method and certificate path.
##
## Author: Sean Roberts <https://github.com/seanorama>
##
## Use:
##   1. Set the hosts to trust: `hosts="host1:port"` or `hosts="host1:port host2:port host3:port"`
##   2. Execute the script
##
## Full example:
##   hosts="globalcatalog.domain.tld:3268 someldap.domain.tld:636 somewebsite.domain.tld:443"
##   ./trust-hosts.sh
##
## Caveat: this is trust-on-first-use. Nothing verifies the certificates it
## fetches, so whoever can intercept the connection at fetch time gets a
## permanent trust anchor; read the subject/issuer lines it prints before
## relying on the result. Every certificate the server presents (the server's
## own certificate included) lands in the anchor file, not only the CA.
set -o errexit
set -o nounset
set -o pipefail

## Fail with a usage message instead of nounset's bare "unbound variable".
: "${hosts:?set hosts=\"host:port [host:port ...]\" before running}"

## openssl does the fetching; ca-certificates provides update-ca-trust.
sudo yum -y install openssl ca-certificates
anchors=/etc/pki/ca-trust/source/anchors
date="$(date +%F)"
for host in ${hosts}; do
  pem="${anchors}/${host}_${date}.pem"
  ## -servername sends SNI (older openssl does not do it by default); stderr is
  ## left alone so connection errors show instead of being swallowed by sed.
  echo | openssl s_client -connect "${host}" -servername "${host%%:*}" -showcerts |
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |
    sudo tee "${pem}" >/dev/null
  ## Refuse to leave an empty anchor file behind.
  if ! grep -q -- '-BEGIN CERTIFICATE-' "${pem}"; then
    echo "no certificate received from ${host}" >&2
    exit 1
  fi
  ## Show what is about to be trusted.
  openssl crl2pkcs7 -nocrl -certfile "${pem}" | openssl pkcs7 -print_certs -noout
done
sudo update-ca-trust force-enable
sudo update-ca-trust extract
sudo update-ca-trust check
```
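The sed range in the script copies every certificate that `-showcerts` prints, so the server's own leaf certificate is installed as a trust anchor next to the CA, and nothing confirms afterwards that the server certificate actually chains to what was installed. The following is an added example, not code from seanorama's gist, showing one way to keep only the CA certificates (those carrying basicConstraints CA:TRUE) before they reach the anchors directory and to verify the leaf against the kept set. The function names (`split_pem_chain`, `is_ca_cert`, `select_ca_anchors`, `verify_leaf`, `make_test_chain`) are this example's own; the chain it runs against is a throwaway CA and leaf generated locally with `openssl req`/`openssl x509 -req`, laid out the way `s_client -showcerts` prints a chain, so it runs offline without touching any host. Matching `CA:TRUE` in the `-text` dump is a shortcut that works on OpenSSL 1.0.x onward; `openssl x509 -ext basicConstraints` (1.1.1+) is the precise form.

```bash
#!/usr/bin/env bash
## Added example, not part of the gist: keep only the CA certificates from a
## chain captured with `openssl s_client -showcerts`, then verify the server
## certificate against what was kept. All function names are this example's own.
set -eu

## split_pem_chain <dir>: split a PEM bundle on stdin into dir/cert-001.pem,
## dir/cert-002.pem, ... in the order received. Lines outside BEGIN/END blocks
## (the " 0 s:..." headers s_client prints) are dropped. Prints the count.
split_pem_chain() {
  mkdir -p "$1"
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n); inblock = 1 }
    inblock { print > out }
    /-----END CERTIFICATE-----/ { inblock = 0; close(out) }
    END { print n + 0 }'
}

## is_ca_cert <cert.pem>: succeeds only if the certificate carries
## basicConstraints CA:TRUE; a server (leaf) certificate has CA:FALSE or none.
## Substring match on the -text dump: a shortcut that works on old openssl too.
is_ca_cert() {
  local text
  text="$(openssl x509 -in "$1" -noout -text 2>/dev/null)" || return 1
  case "${text}" in
    *CA:TRUE*) return 0 ;;
    *) return 1 ;;
  esac
}

## select_ca_anchors <chain.pem> <anchor_dir>: copy the CA certificates from
## the chain into anchor_dir and print how many were kept. The leaf is never
## copied, unlike the sed pipeline in the gist, which keeps everything.
select_ca_anchors() {
  local chain="$1" anchor_dir="$2" work f kept=0
  work="$(mktemp -d)"
  split_pem_chain "${work}" < "${chain}" > /dev/null
  mkdir -p "${anchor_dir}"
  for f in "${work}"/cert-*.pem; do
    [ -e "${f}" ] || continue
    if is_ca_cert "${f}"; then
      cp "${f}" "${anchor_dir}/"
      kept=$((kept + 1))
    fi
  done
  rm -rf "${work}"
  echo "${kept}"
}

## verify_leaf <leaf.pem> <anchor_dir>: exit status 0 when the leaf chains to
## one of the kept anchors. update-ca-trust never performs this check.
verify_leaf() {
  local bundle rc
  bundle="$(mktemp)"
  cat "$2"/cert-*.pem > "${bundle}"
  if openssl verify -CAfile "${bundle}" "$1" > /dev/null 2>&1; then rc=0; else rc=1; fi
  rm -f "${bundle}"
  return "${rc}"
}

## make_test_chain <dir>: constructed test data, not a real host. Builds a
## throwaway CA and a leaf it signs, then writes dir/chain.pem laid out the way
## s_client -showcerts prints it (leaf first, header lines between certs).
make_test_chain() {
  mkdir -p "$1"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$1/leaf.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Example Test CA' \
    -keyout "$1/ca.key" -out "$1/ca.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$1/ca.csr" -signkey "$1/ca.key" \
    -extfile "$1/ca.ext" -out "$1/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=leaf.example.test' \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -extfile "$1/leaf.ext" -out "$1/leaf.pem" 2>/dev/null
  {
    printf ' 0 s:CN = leaf.example.test\n   i:CN = Example Test CA\n'
    cat "$1/leaf.pem"
    printf ' 1 s:CN = Example Test CA\n   i:CN = Example Test CA\n'
    cat "$1/ca.pem"
  } > "$1/chain.pem"
}

## Demo: two certificates in the chain, one kept, and the leaf verifies.
demo="$(mktemp -d)"
make_test_chain "${demo}"
echo "CA anchors kept: $(select_ca_anchors "${demo}/chain.pem" "${demo}/anchors")"
verify_leaf "${demo}/leaf.pem" "${demo}/anchors"
echo "leaf verifies against the kept anchors"
rm -rf "${demo}"
```

To use it against a real host, replace `make_test_chain` with the `s_client ... -showcerts` capture from the gist, point `select_ca_anchors` at `/etc/pki/ca-trust/source/anchors` (with sudo), run `verify_leaf` on the captured leaf before `update-ca-trust extract`, and still eyeball the subject/issuer of whatever was kept: picking CA:TRUE certificates out of an unverified chain narrows what gets trusted, but it does not change the trust-on-first-use nature of the fetch.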