@cstpraveen
Forked from landonf/setcert.sh
Created March 3, 2023 08:53
opendj certificate configuration
#!/bin/sh
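# Parse the command-line options into PKCS12 (-p), CERT (-c), CA_CERT (-a),
# TYPE (-t) and OPENDJ_DIR (-o).
#
# The POSIX getopts builtin is used instead of the external getopt(1) fed
# with an unquoted $*: that form re-splits every argument on whitespace and
# expands glob characters, so a path containing a space or '*' reached
# keytool as a different set of words than the operator typed.
#
# Arguments: the script's own arguments ("$@")
# Outputs:   usage line on stderr when an option is unknown or lacks its value
# Exits:     2 on a malformed command line
parse_args() {
  # Reset so the function parses from the first argument each time it runs.
  OPTIND=1
  while getopts 'p:c:t:o:a:' opt; do
    case "${opt}" in
      p) PKCS12="${OPTARG}" ;;
      c) CERT="${OPTARG}" ;;
      a) CA_CERT="${OPTARG}" ;;
      t) TYPE="${OPTARG}" ;;
      o) OPENDJ_DIR="${OPTARG}" ;;
      *)
        # usage() is defined further down the file, so the text is spelled
        # out here rather than calling a function that does not exist yet.
        echo 'Usage: -t <type> -a <ca cert> -c <cert> -p <pkcs12> -o <opendj_dir>' >&2
        exit 2
        ;;
    esac
  done
}
parse_args "$@"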
# Print the option summary and the accepted -t values, one per line, on stdout.
usage() {
  printf '%s\n' \
    "Usage: -t <type> -a <ca cert> -c <cert> -p <pkcs12> -o <opendj_dir>" \
    "Supported types: admin ads server"
}
# All five options are mandatory: print the usage text and stop with status 1
# at the first one that is empty or was never given. The values are checked
# in the order TYPE, CERT, CA_CERT, PKCS12, OPENDJ_DIR.
# NOTE(review): CERT is required here, but within this file it is only
# referenced by a commented-out keytool line — confirm whether -c is still
# needed.
for required in "${TYPE}" "${CERT}" "${CA_CERT}" "${PKCS12}" "${OPENDJ_DIR}"; do
  [ -n "${required}" ] && continue
  usage
  exit 1
done
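# Map the requested certificate type to the key alias that gets replaced
# (ALIAS) and to the file-name prefix of the matching keystore, truststore
# and pin file under <opendj_dir>/config (STORE_PREFIX).
case "${TYPE}" in
  admin)
    ALIAS="admin-cert"
    STORE_PREFIX="admin-"
    ;;
  ads)
    ALIAS="ads-certificate"
    STORE_PREFIX="ads-"
    ;;
  server)
    ALIAS="server-cert"
    STORE_PREFIX=""
    ;;
  *)
    echo "Unknown type ${TYPE}. Choose one of 'admin', 'ads', or 'server'" >&2
    # Stop here. Without this exit the script carried on with ALIAS and
    # STORE_PREFIX unset, and an empty prefix selects the un-prefixed
    # (server) keystore and truststore — a mistyped -t value went on to
    # delete and import entries in stores the operator never named.
    exit 1
    ;;
esac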
# Refuse to continue unless both stores for the selected type already exist
# as regular files under <opendj_dir>/config. The keystore is checked first,
# then the truststore; the first missing one is reported and ends the script
# with status 1.
for store in keystore truststore; do
  [ -f "${OPENDJ_DIR}/config/${STORE_PREFIX}${store}" ] && continue
  echo "Can't find config/${STORE_PREFIX}${store} in ${OPENDJ_DIR}"
  exit 1
done
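# Replace the certificate material in the selected keystore and truststore:
# drop the old entries, import the CA certificate under the alias
# "authority", then import the key pair from the PKCS#12 bundle and rename
# it to ${ALIAS}.
KEYSTORE="${OPENDJ_DIR}/config/${STORE_PREFIX}keystore"
TRUSTSTORE="${OPENDJ_DIR}/config/${STORE_PREFIX}truststore"
PIN_FILE="${OPENDJ_DIR}/config/${STORE_PREFIX}keystore.pin"

# Check every input before the first destructive step. Previously a mistyped
# path was only noticed after the existing entries had been deleted, leaving
# the stores without a certificate.
for input in "${PIN_FILE}" "${CA_CERT}" "${PKCS12}"; do
  if [ ! -r "${input}" ]; then
    echo "Can't read ${input}" >&2
    exit 1
  fi
done

# Read the store password once and keep it quoted from here on. The original
# expanded an unquoted `cat` on every command, so a pin containing whitespace
# or glob characters was split into several arguments, and a missing pin file
# made keytool consume the following option as the password.
# The same pin (keystore.pin) is used for the keystore and the truststore.
STOREPASS=$(cat "${PIN_FILE}") || exit 1
if [ -z "${STOREPASS}" ]; then
  echo "${PIN_FILE} is empty" >&2
  exit 1
fi

# NOTE(review): the password is passed on keytool's command line and is
# therefore visible in the process list while each command runs. keytool
# accepts a ":file" modifier on its password options (-storepass:file,
# -new:file) that reads the value from a file instead — confirm the target
# JDK supports it before switching.

# Delete existing entries. These are best-effort: an alias that is not
# present makes keytool report an error, which is expected on a first run,
# so the exit status is deliberately not checked.
keytool -delete -alias "${ALIAS}" -keystore "${KEYSTORE}" -storepass "${STOREPASS}"
keytool -delete -alias "${ALIAS}" -keystore "${TRUSTSTORE}" -storepass "${STOREPASS}"
keytool -delete -alias "authority" -keystore "${TRUSTSTORE}" -storepass "${STOREPASS}"
keytool -delete -alias "authority" -keystore "${KEYSTORE}" -storepass "${STOREPASS}"

# Add CA certificate to both stores. From here on every step must succeed:
# the old entries are already gone, so a silent failure would leave the
# stores half-configured.
keytool -import -trustcacerts -alias "authority" -keystore "${TRUSTSTORE}" -storepass "${STOREPASS}" -file "${CA_CERT}" || {
  echo "Importing ${CA_CERT} into ${TRUSTSTORE} failed" >&2
  exit 1
}
keytool -import -trustcacerts -alias "authority" -keystore "${KEYSTORE}" -storepass "${STOREPASS}" -file "${CA_CERT}" || {
  echo "Importing ${CA_CERT} into ${KEYSTORE} failed" >&2
  exit 1
}
# Disabled in the original: import of ${CERT} into the truststore.
#keytool -import -alias "${ALIAS}" -keystore "${TRUSTSTORE}" -storepass "${STOREPASS}" -file "${CERT}"

# Add certificate. The PKCS#12 bundle and its key must be protected with the
# password "changeit", which is hard-coded below; the key password is then
# changed to the store pin in the last step.
# NOTE(review): alias 1 is presumably the name the bundle's creator gave the
# entry — confirm against the tool that produced the PKCS#12 file.
keytool -importkeystore -alias 1 -keystore "${KEYSTORE}" -storepass "${STOREPASS}" -srcstorepass changeit -srcstoretype PKCS12 -srckeystore "${PKCS12}" || {
  echo "Importing ${PKCS12} into ${KEYSTORE} failed" >&2
  exit 1
}
keytool -changealias -alias 1 -destalias "${ALIAS}" -keystore "${KEYSTORE}" -storepass "${STOREPASS}" -keypass changeit || {
  echo "Renaming alias 1 to ${ALIAS} in ${KEYSTORE} failed" >&2
  exit 1
}
keytool -keypasswd -keypass changeit -new "${STOREPASS}" -alias "${ALIAS}" -keystore "${KEYSTORE}" -storepass "${STOREPASS}" || {
  echo "Changing the key password of ${ALIAS} in ${KEYSTORE} failed" >&2
  exit 1
}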