build-keystore.sh
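#!/usr/bin/env bash
#
# build-keystore.sh - package a Let's Encrypt certificate chain and private
# key into a Java keystore.
#
# Usage: build-keystore.sh <domain> [<keystore> <password>]
#
#   <domain>    name of the directory under letsencrypt/live/ to read from
#   <keystore>  output keystore path (default: core-api.keystore)
#   <password>  password for the PKCS#12 bundle, the keystore and the key
#               entry (default: kspassword)
#
# Outputs: "<domain>.p12" and the keystore in the working directory, plus a
#          settings.json snippet on stdout. The snippet contains the
#          password in clear text, so keep stdout out of shared logs.
# Exit:    0 on success, 1 if no certificate directory is found or a tool
#          fails, 2 on bad arguments.

set -euo pipefail

if (($# != 1 && $# != 3)); then
  printf 'usage: %s <domain> [<keystore> <password>]\n' "${0##*/}" >&2
  exit 2
fi

readonly default_pass=kspassword

domain=$1
keystore=${2:-core-api.keystore}
pass=${3:-$default_pass}

# The domain is spliced into filesystem paths and output file names, so
# refuse values that would escape letsencrypt/live/ or look like an option.
case "$domain" in
  '' | . | .. | */* | -*)
    printf 'Invalid domain: %s\n' "$domain" >&2
    exit 2
    ;;
esac

# The built-in default is a publicly known value; a keystore protected by it
# is effectively unprotected. It is kept for backward compatibility only.
if [[ "$pass" == "$default_pass" ]]; then
  printf 'warning: using the built-in default keystore password; pass an explicit <keystore> <password> for anything but local testing\n' >&2
fi

# Assumes Let's Encrypt. The first existing live/<domain> directory wins.
# The final "." entry is relative to the working directory, so run this
# script from a directory you trust.
srcdir=
for le_root in /usr/local/etc /etc /opt .; do
  candidate="${le_root}/letsencrypt/live/${domain}"
  if [[ -d "$candidate" ]]; then
    srcdir=$candidate
    echo "Using certs & keys from ${srcdir}"
    break
  fi
done

if [[ -z "$srcdir" ]]; then
  # Exit non-zero so callers and automation can detect the failure.
  printf "Can't find Let's Encrypt folder for %s\n" "$domain" >&2
  exit 1
fi

# key & cert
# The password is handed to openssl and keytool through the environment of
# each command rather than on argv, where any local user could read it from
# the process list.
p12="${domain}.p12"
rm -f -- "$p12"
(
  # The PKCS#12 bundle holds the private key: create it owner-only.
  umask 077
  BUILD_KEYSTORE_PASS="$pass" openssl pkcs12 \
    -inkey "${srcdir}/privkey.pem" -in "${srcdir}/fullchain.pem" \
    -export -out "$p12" -passout env:BUILD_KEYSTORE_PASS \
    -name "${domain}"
)

# NOTE(review): the keystore is created under the caller's umask, as before.
# It also contains the private key; restrict its mode to the account that
# runs the service. The intermediate .p12 is left in place, as before, and
# can be deleted once the keystore has been verified.
rm -f -- "${keystore}"
BUILD_KEYSTORE_PASS="$pass" keytool -importkeystore -noprompt \
  -srckeystore "$p12" -srcstoretype PKCS12 \
  -srcstorepass:env BUILD_KEYSTORE_PASS \
  -destkeystore "${keystore}" \
  -deststorepass:env BUILD_KEYSTORE_PASS \
  -destkeypass:env BUILD_KEYSTORE_PASS \
  -alias "${domain}"

# Values go through %s so a '%' or backslash in the keystore path or the
# password is printed literally instead of being read as a format directive.
printf 'Built keystore: %s, with password: %s\nFor settings.json:\n' \
  "${keystore}" "${pass}"

printf '\tsslKeystorePathname: "%s",\n' "${keystore}"
printf '\tsslKeystorePassword: "%s",\n' "${pass}"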