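#!/usr/bin/env bash
# Import the Amazon RDS CA bundle into the JDK's default truststore (cacerts),
# one entry per certificate, aliased by the certificate's subject CN.
#
# via https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html#UsingWithRDS.SSL-certificate-rotation-sample-script
# modified to import into cacerts so they're available without specifying a truststore
# modified to not require perl
#
# Requirements: bash, curl, openssl, and a keytool that understands `-cacerts`
# (JDK 9+). The user running this needs write access to the JDK's cacerts file.
#
# Environment:
#   CACERTS_STOREPASS  password of the cacerts store (default "changeit", the JDK default)
#   TRACE              non-empty enables `set -x` command tracing
set -euo pipefail

# Tracing is opt-in rather than on by default: `set -x` echoes every keytool
# invocation, including its -storepass argument, to stderr (and into CI logs).
if [[ -n "${TRACE:-}" ]]; then
  set -x
fi

readonly bundle_url="https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem"
storepassword=${CACERTS_STOREPASS:-changeit}
readonly storepassword

# Scratch directory: mktemp gives an unpredictable, user-owned path instead of a
# fixed ./tmp/certs; the EXIT trap removes it (and any half-processed
# certificates) on every exit path, including failures.
workdir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
readonly workdir
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

#######################################
# Download the RDS global CA bundle.
# Arguments: $1 - destination path
# curl verifies the server certificate by default (never add -k here: this
# file becomes a trust anchor). --fail turns an HTTP error status into a
# non-zero exit instead of silently saving an error page as the bundle;
# --proto '=https' refuses any non-HTTPS redirect.
#######################################
fetch_bundle() {
  local dest=$1
  curl -sS --fail --proto '=https' -o "$dest" "$bundle_url"
}

#######################################
# Split a PEM bundle into one file per certificate.
# Arguments: $1 - bundle path; $2 - output directory
# Outputs:   $2/rds-ca-1.pem, $2/rds-ca-2.pem, ... in bundle order.
# Blank lines are dropped so a stray separator line never produces an
# empty (and un-importable) file.
#######################################
split_bundle() {
  local bundle=$1 outdir=$2
  awk -v outdir="$outdir" '
    BEGIN { n = 1 }
    /^[[:space:]]*$/ { next }
    { print > (outdir "/rds-ca-" n ".pem") }
    /-----END CERTIFICATE-----/ { close(outdir "/rds-ca-" n ".pem"); n++ }
  ' "$bundle"
}

#######################################
# Print the subject CN of a PEM certificate.
# Arguments: $1 - certificate path
# Returns:   non-zero if openssl fails or the subject has no CN
# -nameopt RFC2253 pins the subject layout to `CN=...,OU=...`; the default
# layout differs between OpenSSL releases (`/CN=` vs `CN = `), which breaks a
# naive split on the literal `CN=`. Assumes the CN itself contains no comma
# (RFC2253 would escape one as `\,`, which is not unescaped here).
#######################################
subject_cn() {
  local subject
  subject=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$1") || return 1
  [[ "$subject" == *CN=* ]] || return 1
  subject=${subject#*CN=}
  printf '%s\n' "${subject%%,*}"
}

#######################################
# Import one certificate into cacerts under the given alias.
# Arguments: $1 - certificate path; $2 - alias
# keytool -import fails on a duplicate alias, which made every re-run of
# this script abort once the first run had succeeded. An existing entry with
# the same alias is removed first so the fresh bundle replaces it and the
# script is safe to re-run during a rotation.
#######################################
import_cert() {
  local cert=$1 entry=$2
  if keytool -list -cacerts -storepass "$storepassword" -alias "$entry" >/dev/null 2>&1; then
    keytool -delete -cacerts -storepass "$storepassword" -alias "$entry"
  fi
  keytool -import -cacerts -storepass "$storepassword" -noprompt \
    -alias "$entry" -file "$cert"
}

main() {
  local bundle="${workdir}/global-bundle.pem"
  local cert cn

  fetch_bundle "$bundle"
  split_bundle "$bundle" "$workdir"

  # nullglob: an empty bundle must be reported, not passed to openssl as the
  # literal pattern.
  shopt -s nullglob
  local certs=("${workdir}"/rds-ca-*.pem)
  if (( ${#certs[@]} == 0 )); then
    printf 'no certificates found in %s\n' "$bundle_url" >&2
    exit 1
  fi

  for cert in "${certs[@]}"; do
    cn=$(subject_cn "$cert") || { printf 'cannot read subject CN of %s\n' "$cert" >&2; exit 1; }
    printf 'Importing %s\n' "$cn"
    import_cert "$cert" "$cn"
    rm -f -- "$cert"
  done
}

main "$@"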