Regenerate CACERTS file from root certificates

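This script creates a new cacerts file from individual root CA files. It is driven by a text config file, which must be given as an argument. Every certificate listed in the config file becomes a trusted root in the resulting cacerts file, so check that each CA file is the genuine one (for example by comparing its fingerprint with the one the CA publishes) before running the script.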

Example config file:-

[user@app01 autocreate-cacerts]$ more cac-config.txt
alias=AddTrustExternal,file=AddTrustExternalCARoot.crt,usedby=customer1
alias=entrustclientca,file=entrustclientca.cer,usedby=customer2
alias=godaddyclass2ca,file=godaddyclass2ca.cer,usedby=customer3
[user@app01 autocreate-cacerts]$

Script:-

[user@app01 autocreate-cacerts]$ more regenerateCACERTS.sh
#!/bin/bash
#

# Where the regenerated keystore is written. While testing, keep this pointed
# at a scratch location so a production cacerts file is never overwritten.
BASEDIR="/home/user/scripts/cacert-stuff/test"
CACERTSFILENAME="cacerts-test2"

# Keystore password handed to keytool with -storepass.
# NOTE(review): "changeit" is the stock password of the JDK's own cacerts
# file, so it should not be treated as a secret; what protects the trust
# store from tampering is the ownership and permissions of the file.
STOREPASS="changeit"

# keytool binary to run. The path points into the JDK directory under the
# WebLogic 9.2.2 tree rather than whatever keytool is first on PATH.
KEYTOOL="/usr/pkg/weblogic/9.2.2/jdk150_14/bin/keytool"

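# Refuse to run unless the process is running as the account "user", so that
# the keystore written by this script ends up with the expected ownership.
#
# The account name comes from `id -un` rather than $USER. $USER is an ordinary
# environment variable: it can be stale (su without a login shell), missing
# (some cron environments) or overridden by the caller, whereas id reports the
# effective user the process really runs as - which is what decides the
# ownership of the file.
if [ "$(id -un)" = "user" ]; then
        echo "Running as user user"
        echo ""
else
        # Diagnostics go to stderr so they are not mixed into normal output.
        echo "Try again. You should be user, this ensures the file produced has the right ownership." >&2
        exit 1
fi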




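# The config file that lists the certificates to import is the first argument.
CONFIGFILE=$1
if [ -z "$CONFIGFILE" ]; then
   echo "You need to provide the name of a cacert config file, eg. ./regenerateCACERTS.sh cacertconfig.txt" >&2
   exit 1
fi

# Stop here if the argument is not a readable regular file. Without this check
# a mistyped name leaves the import loop with nothing to read, no certificate
# is imported, and the script still finishes with exit status 0.
if [ ! -f "$CONFIGFILE" ] || [ ! -r "$CONFIGFILE" ]; then
   echo "Cannot read config file: ${CONFIGFILE}" >&2
   exit 1
fi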


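# Import every certificate named in the config file into the keystore.
#
# Each config line has comma-separated key=value fields in a fixed order:
#   alias=AddTrustExternal,file=AddTrustExternalCARoot.crt,usedby=customer1
#
# The file is read line by line with "read -r" (on file descriptor 3, so that
# keytool keeps the script's own stdin) instead of word-splitting the output
# of cat. That way whitespace or glob characters in a line cannot split it
# into several bogus entries or expand against the current directory.
#
# Exit status: 0 when every line was imported, 1 when any line was malformed
# or any keytool call failed, so a caller can tell a complete trust store
# from a partial one.
FAILED=0
while IFS= read -r LINE <&3 || [ -n "$LINE" ]; do

  # Lines that are empty or only whitespace carry no entry.
  case "$LINE" in
    *[![:space:]]*) ;;
    *) continue ;;
  esac

  # Split on commas, then keep what follows the first "=" in each field.
  IFS=, read -r ALIASFIELD FILEFIELD USEDBYFIELD REST <<< "$LINE"
  ALIAS=${ALIASFIELD#*=}
  CERTFILE=${FILEFIELD#*=}
  USEDBY=${USEDBYFIELD#*=}   # informational only; used in the failure message

  if [ -z "$ALIAS" ] || [ -z "$CERTFILE" ]; then
    echo "Skipping malformed config line: ${LINE}" >&2
    FAILED=1
    continue
  fi

  echo "========================================="

  # Import Root CA in to cacerts.
  # -noprompt suppresses keytool's "Trust this certificate?" confirmation, so
  # the content of CERTFILE is trusted as-is; the CA files must have been
  # verified before this script is run.
  # NOTE(review): -storepass puts the password on the command line, where it
  # is visible in the process list while keytool runs.
  # Every expansion is quoted so a value from the config file is always
  # passed to keytool as exactly one argument.
  echo "Importing ${CERTFILE} as ${ALIAS}"
  if ! "${KEYTOOL}" -import -noprompt -alias "${ALIAS}" -file "${CERTFILE}" \
       -keystore "${BASEDIR}/${CACERTSFILENAME}" -storepass "${STOREPASS}"; then
    # Keep going so the remaining entries are still attempted, but remember
    # the failure for the final exit status.
    echo "Import of ${CERTFILE} (alias ${ALIAS}, used by ${USEDBY}) failed" >&2
    FAILED=1
  fi

done 3< "${CONFIGFILE}"

echo "========================================="

if [ "$FAILED" -ne 0 ]; then
  echo "One or more certificates were not imported; check ${BASEDIR}/${CACERTSFILENAME} before using it." >&2
  exit 1
fi

exit 0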
[user@app01 autocreate-cacerts]$
