...
Kodblock | ||||
---|---|---|---|---|
| ||||
rm -rf generated-jks mkdir generated-jks rm -rf generated-pem mkdir generated-pem echo "=== Export SITHS CA's as PEM ===" openssl x509 -inform DER -in "../CA/SITHS/SITHS_Type_2_CA_v1.cer" -out generated-pem/siths_type_2_ca_v1.pem -outform PEM openssl x509 -inform DER -in "../CA/SITHS/SITHS_Root_CA_v1.crt" -out generated-pem/siths_root_ca_v1.pem -outform PEM # Export P12 Certificate (PEM) echo "=== Export esb.ntjp.sjunet.org.p12 Certificate (PEM) ===" openssl pkcs12 -in ../skltp/esb.ntjp.sjunet.org_legitimering_pkcs12_prod.p12 -out generated-pem/esb.ntjp.sjunet.org.p12.crt.pem -nokeys # Export P12 Certificate (PEM) echo "=== Export esb.ntjp.se.p12 Certificate (PEM) ===" openssl pkcs12 -in ../skltp/esb.ntjp.se_legitimering_pkcs12_prod.p12 -out generated-pem/esb.ntjp.se.p12.crt.pem -nokeys # SITHS TYPE 2 CA V1 + SITHS ROOT V1 (PEM) echo "=== Create SITHS CA Chain ===" cat generated-pem/siths_type_2_ca_v1.pem generated-pem/siths_root_ca_v1.pem > generated-pem/ca_chain.pem # Remove Header. echo "=== Remove Bag Header from PEM ===" openssl x509 -in generated-pem/esb.ntjp.sjunet.org.p12.crt.pem -out generated-pem/esb.ntjp.sjunet.org.p12.crt.out.pem openssl x509 -in generated-pem/esb.ntjp.se.p12.crt.pem -out generated-pem/esb.ntjp.se.p12.crt.out.pem # Create Complete Certificate Chain. echo "=== Create Complete Certificate Chain ===" cat generated-pem/esb.ntjp.sjunet.org.p12.crt.out.pem generated-pem/ca_chain.pem > generated-pem/esb.ntjp.sjunet.org_cert_chain.pem cat generated-pem/esb.ntjp.se.p12.crt.out.pem generated-pem/ca_chain.pem > generated-pem/esb.ntjp.se_cert_chain.pem # Import P12 to Keystore echo "=== Import esb.ntjp.sjunet.org.p12 (alias: esb.ntjp.sjunet.org) to Keystore: esb.ntjp.sjunet.org.jks ===" keytool -importkeystore -srckeystore ../skltp/esb.ntjp.sjunet.org.p12 -srcalias esb.ntjp.sjunet.org -srcstoretype PKCS12 -destkeystore generated-jks/esb.ntjp.sjunet.org.jks -destalias esb.ntjp.sjunet.org -deststoretype JKS echo "=== Import esb.ntjp.se.p12 (alias: esb.ntjp.se) to Keystore: esb.ntjp.se.jks ===" keytool -importkeystore -srckeystore ../skltp/esb.ntjp.se.p12 -srcalias esb.ntjp.se -srcstoretype PKCS12 -destkeystore generated-jks/esb.ntjp.se.jks -destalias esb.ntjp.se -deststoretype JKS # Import Complete Certifcate Chain echo "=== Import Complete Certificate Chain to Keystore: esb.ntjp.sjunet.org.jks===" keytool -import -trustcacerts -keystore generated-jks/esb.ntjp.sjunet.org.jks -alias esb.ntjp.sjunet.org -file generated-pem/esb.ntjp.sjunet.org_cert_chain.pem -noprompt echo "=== Import Complete Certificate Chain to Keystore: esb.ntjp.se.jks===" keytool -import -trustcacerts -keystore generated-jks/esb.ntjp.se.jks -alias esb.ntjp.se -file generated-pem/esb.ntjp.se_cert_chain.pem -noprompt # Change sharing and permissions on JKS files chmod 444 generated-jks/*.jks |
...