Friday, June 22, 2012

Install SSL certificates in your java keystore from POB recipes

When certificates change for domains your Java application uses, you will most likely need to troubleshoot, and along the way you may delete by mistake something you did not want to. It is wise to automate everything that can be automated, of course.

Here is a Plain Old Bash (POB) script to reinstall certificates in the keystore. You can automate the setup using Remoto-IT of course.
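
#!/bin/bash -e
# certs.sh
# Re-install the certificate served by <domain>:<port> into a Java keystore.

USAGE="Usage: `basename $0` <domain> <port> <alias> <keystore> <storepass>"

if [ $# -ne 5 ]
then
  echo "$USAGE"
  exit 1
fi

domain=$1
port=$2
alias=$3
keystore=$4
storepass=$5
cert="/tmp/$domain.cer"

# Fetch the certificate first, so a failed connection does not leave the keystore without the old entry
echo | openssl s_client -connect "$domain:$port" 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$cert"
if [ ! -s "$cert" ]
then
  echo "No certificate received from $domain:$port" >&2
  exit 1
fi

# Delete the old entry; ignore the error if the alias does not exist yet
set +e; "$JAVA_HOME/bin/keytool" -delete -alias "$alias" -keystore "$keystore" -storepass "$storepass" -noprompt; set -e
"$JAVA_HOME/bin/keytool" -import -keystore "$keystore" -file "$cert" -alias "$alias" -storepass "$storepass" -noprompt

Of course this script can be run locally as well. Here is an example of how to call it on OS X:

./common/certs.sh sample.com 443 sample.com /Library/Java/Home/lib/security/cacerts changeit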
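
The script above imports whatever certificate the server presents at the moment it runs. As an added example (not part of the original post), the check below compares the fetched certificate with a SHA-256 fingerprint obtained out of band before the keystore is touched. The function names are hypothetical, GNU `base64` and `sha256sum` are assumed, and the sample input is constructed.

```bash
#!/bin/bash
# Added example: compare a fetched certificate with a pinned SHA-256 fingerprint.

# Same sed filter as certs.sh: keep only the PEM block from s_client output.
extract_pem() {
  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Fingerprint = SHA-256 over the DER bytes, i.e. the base64-decoded PEM body.
# Assumes one certificate per file (s_client without -showcerts prints one).
pem_sha256() {
  body=$(grep -v -e '-----' "$1") || return 2                    # no body lines
  printf '%s\n' "$body" | base64 -d >/dev/null 2>&1 || return 2  # not base64
  printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# 0 = matches the pin, 1 = mismatch, 2 = empty or undecodable file.
# The pin may be "AB:CD:..." (openssl style) or plain hex.
cert_matches_pin() {
  [ -s "$1" ] || return 2
  actual=$(pem_sha256 "$1") || return 2
  expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

# Constructed stand-in for s_client output. The body "YWJj" is base64 for the
# bytes "abc", not a real certificate, so its SHA-256 is a published test vector.
sample_s_client_output() {
  cat <<'EOF'
CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
subject=CN = sample.com
---
EOF
}
SAMPLE_PIN="BA:78:16:BF:8F:01:CF:EA:41:41:40:DE:5D:AE:22:23:B0:03:61:A3:96:17:7A:9C:B4:10:FF:61:F2:00:15:AD"

pem=$(mktemp)                       # unpredictable name, unlike /tmp/$domain.cer
sample_s_client_output | extract_pem > "$pem"
if cert_matches_pin "$pem" "$SAMPLE_PIN"; then
  echo "pin ok: continue with keytool -delete / -import using $pem"
else
  echo "pin mismatch or no certificate: keystore left untouched" >&2
fi
rm -f "$pem"
```

For a real certificate file, `pem_sha256` yields the same digest that `openssl x509 -noout -fingerprint -sha256 -in <file>` prints, apart from case and colons.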
