Export CA root certs to file
This script takes a cacerts file and exports every root certificate in it to a directory, one file per alias. See another script in this section for assembling a custom cacerts file from individual CA root files. It was written for use with a WebLogic cacerts file.
[user@app01 cacert-stuff]$ more exportCARoots.sh
#!/bin/bash
#exportCARoots.sh
#written Andrew Stringer 08/11/2011
#This extracts the root ca's contained in the cacerts file to individual certificates.

EXPORTPATH=/home/user/scripts/cacert-stuff/root-certs
KEYTOOL=/usr/pkg/weblogic/9.2.2/jdk150_14/bin/keytool
CACERTS=$1

if [ "$1" = "" ]
then
        echo "You need to provide the name of a cacert file, eg. ./exportCARoots.sh ./cacert-10-10-2011."
        exit 1
fi

STOREPASS=changeit
#mktemp creates the temp file with an unpredictable name, a fixed /tmp name built from $$ could be pre-created by another user
TMP1=$(mktemp /tmp/exportCAroots1-XXXXXX) || exit 1

#example entry for each root ca
#verisignclass3g2ca, 25-Mar-2004, trustedCertEntry,
#Certificate fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9

#create a list of aliases which form the loop to test each entry in turn, tail gets rid of unwanted info at top of
#keytool output (tail -n +7 is the portable spelling, the old "tail +7" form is rejected by current tail versions)
echo " "
echo "Step 1, Listing all the CA aliases in ${CACERTS} to a file."
echo "Step 2, exporting CA roots."
for ALIAS in `${KEYTOOL} -list -keystore "${CACERTS}" -storepass ${STOREPASS} | tail -n +7 | grep -v Certificate | cut -d, -f 1 -`
do
        ${KEYTOOL} -export -rfc -v -alias ${ALIAS} -file ${EXPORTPATH}/${ALIAS}.cer -keystore "${CACERTS}" -storepass ${STOREPASS} > "${TMP1}" 2>&1
        echo -n "."
done
echo " "
echo "CA roots exported."
echo "=================="
for FILE in `${KEYTOOL} -list -keystore "${CACERTS}" -storepass ${STOREPASS} | tail -n +7 | grep -v Certificate | cut -d, -f 1 -`
do
        ls -1 ${EXPORTPATH}/${FILE}*
done

#clear up our mess
rm "${TMP1}"
exit 0
[user@app01 cacert-stuff]$
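The alias list above depends on the keytool header being exactly six lines long, and each alias is used unchanged as a file name under EXPORTPATH. The following is an added example, not part of the original script: it selects aliases by entry type and maps each one to a file name that stays inside the export directory. The function names and the sample listing are constructed for illustration, and aliases are assumed to contain no comma.

```shell
#!/bin/bash
# Added example, not part of exportCARoots.sh. All function names are hypothetical.

# Print the alias of every trustedCertEntry found in `keytool -list` output on stdin.
# Selecting by entry type instead of by line offset keeps working when the header
# length changes or extra lines are printed. Assumption: aliases contain no comma.
list_trusted_aliases() {
    awk -F, '/, trustedCertEntry, *$/ { print $1 }'
}

# Turn an alias into a file name that stays inside the export directory:
# anything outside A-Za-z0-9._- becomes "_", and a leading dot is replaced.
safe_name() {
    printf '%s\n' "$1" | tr -c 'A-Za-z0-9._\n-' '_' | sed 's/^\./_/'
}

# Print "alias<TAB>file" per trusted entry. Reading line by line keeps aliases
# that contain spaces intact; a `for` loop over backticks would split them.
plan_exports() {
    list_trusted_aliases | while IFS= read -r alias; do
        printf '%s\t%s.cer\n' "$alias" "$(safe_name "$alias")"
    done
}

# Constructed sample listing, modelled on the entry format quoted in the script's
# comments. Fingerprints are placeholders; the last entry is not a trusted root.
sample_listing() {
cat <<'EOF'

Keystore type: jks
Keystore provider: SUN

Your keystore contains 4 entries

verisignclass3g2ca, 25-Mar-2004, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
my internal ca, 01-Jan-2010, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
../outside, 01-Jan-2010, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
appserver, 01-Jan-2010, PrivateKeyEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
EOF
}

sample_listing | plan_exports
```

In the export loop, the first column would be passed to keytool as -alias (quoted) and the second used as the file name under EXPORTPATH.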