Skip to content

Instantly share code, notes, and snippets.

@vicneanschi

vicneanschi/getcert.sh

Created June 15, 2016 19:58
Show Gist options
  • Save vicneanschi/f0dc30a2d1cba64aac5f283fedbef223 to your computer and use it in GitHub Desktop.
Save vicneanschi/f0dc30a2d1cba64aac5f283fedbef223 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
getcert.sh
#!/bin/bash
#
# Retrieves DoD root certificates, converts them to PEM
# format, and concatenates them into one big PEM file.
#
# @author DMcG
if [-d rootCerts]; then
rm -rf rootCerts
fi
mkdir rootCerts
# Retrieve root certificates from disa
wget http://dodpki.c3pki.chamb.disa.mil/dodeca2.cac --output-document=rootCerts/dodeca2.cac
wget http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.cac --output-document=rootCerts/rel3_dodroot_2048.cac
wget http://dodpki.c3pki.chamb.disa.mil/dodeca.cac --output-document=rootCerts/dodeca.cac
# Convert them to PEM format, which is what Apache wants
if [ -d pemRootCerts ]; then
rm -rf pemRootCerts
fi
mkdir pemRootCerts
openssl pkcs7 -inform DER -outform PEM -print_certs -in rootCerts/dodeca.cac -out pemRootCerts/dodeca.pem
openssl pkcs7 -inform DER -outform PEM -print_certs -in rootCerts/dodeca2.cac -out pemRootCerts/dodeca2.pem
openssl pkcs7 -inform DER -outform PEM -print_certs -in rootCerts/rel3_dodroot_2048.cac -out pemRootCerts/rel3_dodroot_2048.pem
# Concatenate all PEM certificates together into one big DoD PEM certificate file
cat pemRootCerts/dodeca.pem pemRootCerts/dodeca2.pem pemRootCerts/rel3_dodroot_2048.pem > allDoDRootCertificates.pem
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment