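#!/usr/bin/env bash
#
# Build a Java keystore from a Let's Encrypt certificate and private key.
#
# Usage: <script> domain [keystore password]
#   domain    directory name under letsencrypt/live/ holding privkey.pem
#             and fullchain.pem
#   keystore  output keystore path (default: core-api.keystore)
#   password  password for the PKCS#12 bundle, the keystore and the key
#             entry (default: kspassword)
#
# Exit status: 0 on success, 1 when no certificate directory is found,
# 2 on a usage error. A failing openssl/keytool call aborts the script
# through `set -e` with that tool's status.
#
# Security-relevant behaviour:
#   - The password reaches openssl and keytool through the environment
#     (env: / :env) instead of their argument lists, so it does not show up
#     in the process table. It is still taken from this script's own $3.
#   - "${domain}.p12" holds the private key and is left in the working
#     directory, as before; it is created with a 077 umask.
#   - The keystore is created under the caller's umask; it also holds the
#     private key, so restrict it to the account that runs the service.
#   - The password is echoed on stdout at the end for pasting into
#     settings.json; do not redirect this output into shared logs.
set -euo pipefail

# Assumes Let's Encrypt
if (( $# != 1 && $# != 3 )); then
  printf 'usage: %s domain [keystore password]\n' "${0##*/}" >&2
  exit 2
fi

domain=$1
keystore=${2:-core-api.keystore}
pass=${3:-kspassword}

# The domain becomes a path component and an output file name: refuse values
# that would leave letsencrypt/live/ or be parsed as a command-line option.
case "$domain" in
  '' | -* | */* | . | ..)
    printf 'Invalid domain: %s\n' "$domain" >&2
    exit 2
    ;;
esac

if (( $# == 1 )); then
  echo "Warning: no password given, using the built-in default" >&2
fi

# Candidate installation prefixes, searched in order; "." is relative to the
# current working directory.
readonly -a le_dirs=(/usr/local/etc /etc /opt .)
srcdir=""
for le_dir in "${le_dirs[@]}"; do
  candidate="${le_dir}/letsencrypt/live/${domain}"
  if [[ -d "$candidate" ]]; then
    srcdir=$candidate
    echo "Using certs & keys from ${srcdir}"
    break
  fi
done

if [[ -z "$srcdir" ]]; then
  echo "Can't find Let's Encrypt folder for ${domain}" >&2
  exit 1
fi

# Hand the password to the child tools via the environment rather than argv.
export LE_KEYSTORE_PASS="$pass"

# key & cert
rm -f -- "${domain}.p12"
(
  # Private key material: keep the bundle unreadable for other users.
  umask 077
  openssl pkcs12 \
    -inkey "${srcdir}/privkey.pem" -in "${srcdir}/fullchain.pem" \
    -export -out "${domain}.p12" -passout env:LE_KEYSTORE_PASS \
    -name "${domain}"
)

rm -f -- "${keystore}"
# Needs a keytool that understands the ":env" password modifier.
keytool -importkeystore -noprompt \
  -srckeystore "${domain}.p12" -srcstoretype PKCS12 \
  -srcstorepass:env LE_KEYSTORE_PASS \
  -destkeystore "${keystore}" \
  -deststorepass:env LE_KEYSTORE_PASS -destkeypass:env LE_KEYSTORE_PASS \
  -alias "${domain}"

# Values go through %s so a '%' or backslash in the password or path is
# printed literally instead of being read as a format directive.
printf 'Built keystore: %s, with password: %s\nFor settings.json:\n' \
  "${keystore}" "${pass}"
printf '\tsslKeystorePathname: "%s",\n' "${keystore}"
printf '\tsslKeystorePassword: "%s",\n' "${pass}"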