pem2jks.sh

pem2jks.sh

#!/usr/bin/env bash
#
# pem2jks.sh - convert bundled PEM certificate to JKS format
#
# Special thanks to Justin Ludwig about his article on converting PEM to JKS. 
# http://blog.swwomm.com/2015/02/importing-new-rds-ca-certificate-into.html
#

set -e

tmp="$(mktemp -d "/tmp/$(basename "$0" ".sh").XXXXX")"

on_exit() {
  rm -fr "${tmp}"
}
trap on_exit HUP TERM EXIT

get_alias() {
  openssl x509 -noout -text -in "$1" | perl -ne 'next unless /Subject:/; s/.*CN=//; print'
}

abspath() {
  ( cd "$(dirname "$1")" && echo "${PWD}/$(basename "$1")" )
}

_pem2jks() {
  local pem="$(abspath "$1")"
  local jks="$(abspath "$2")"
  local dir="$(mktemp -d "${tmp}/pem.XXXXX")"
  pushd "${dir}" 1>/dev/null
  rm -f "${jks}"
  csplit -f cert. -s -z "${pem}" '/-BEGIN CERTIFICATE-/' '{*}'
  for cert in "cert."*; do
    name="$(get_alias "${cert}")"
    echo "${name}" 1>&2
    keytool -import -keystore "${jks}" -storepass "${storepass}" -noprompt -alias "$(get_alias "${cert}")" -file "${cert}" 1>/dev/null 2>&1
  done
  popd 1>/dev/null
}

read -p "Password: " -s
storepass="${REPLY}"
echo

for pem; do
  jks="$(basename "${pem}" ".pem").jks"
  _pem2jks "${pem}" "${jks}"
done

You have literally changed my life with this script. Thanks!