setup-ssl-ca 2.5 KB

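#!/usr/bin/env bash
#
# setup-ssl-ca: create the mkcert development CA inside the "app" container
# and install its root certificate into the host's trust stores.
#
#   macOS : System keychain, plus Firefox (enterprise-roots policy and the
#           Mozilla Certificates directory) when Firefox is installed.
#   other : assumes a Debian-style host (dpkg/apt); per-user NSS databases
#           (cert8.db / cert9.db under $HOME) and the system CA bundle.
#
# Security notes for whoever runs this:
#   * Only the public certificate (rootCA.pem) is copied out of the
#     container; the CA key stays under /root/.local/share/mkcert there.
#     Any certificate signed with that key will be trusted by this host
#     afterwards, so treat the container volume holding it as sensitive and
#     never reuse this CA outside local development.
#   * The script changes machine-wide trust and needs sudo for that. Review
#     rootCA.pem (e.g. `openssl x509 -in rootCA.pem -noout -subject -fingerprint`)
#     if the container image is not one you built yourself.
set -o errexit

readonly certfile="rootCA.pem"
readonly certname="Root CA"

# Print an error to stderr and abort.
die() {
  printf 'setup-ssl-ca: %s\n' "$*" >&2
  exit 1
}

#######################################
# Import the CA into every NSS database of a given kind found under $HOME.
# Arguments: $1 - database file name to look for (cert8.db or cert9.db)
#            $2 - certutil database prefix (dbm or sql)
# Outputs:   certutil output; a warning on stderr for each failed import
# Returns:   0 (a failure in one profile must not block the others)
#######################################
import_into_nss_dbs() {
  local db_name=$1
  local db_prefix=$2
  local cert_db cert_dir

  # NUL-delimited on both sides: the original piped `find -print0` into a
  # plain `read -r`, which never sees a newline, so the loop body never ran.
  while IFS= read -r -d '' cert_db; do
    cert_dir=$(dirname -- "$cert_db")
    # Drop a previous copy first. This fails when the nickname is not present
    # yet, which is the normal first-run case, so it must not trip errexit.
    certutil -D -n "$certname" -i "$certfile" -d "${db_prefix}:${cert_dir}" \
      2>/dev/null || true
    # NOTE(review): "TCu,Cu,Tu" sets trust in all three fields (TLS, e-mail,
    # object signing). A development TLS CA most likely only needs the first
    # field - consider narrowing it.
    certutil -A -n "$certname" -t "TCu,Cu,Tu" -i "$certfile" \
      -d "${db_prefix}:${cert_dir}" \
      || printf 'warning: could not import CA into %s:%s\n' \
        "$db_prefix" "$cert_dir" >&2
  done < <(find ~/ -name "$db_name" -print0)
  return 0
}

# Generate a new local CA in the container ("/root/.local/share/mkcert").
bin/docker-compose exec -T -u root app mkcert -install

# Resolve the container id explicitly: a failing command substitution inside
# an argument does not trigger errexit, and an empty id would make docker cp
# fail with a misleading message.
container_id=$(bin/docker-compose ps -q app | awk '{print $1}')
[[ -n "$container_id" ]] || die "the 'app' container is not running"
docker cp "${container_id}:/root/.local/share/mkcert/rootCA.pem" .

echo "System password requested to install certificate authority on host..."

if [[ "$(uname)" == "Darwin" ]]; then
  sudo security add-trusted-cert -d -r trustRoot \
    -k /Library/Keychains/System.keychain "$certfile"

  # Firefox keeps its own trust store; only touch it when Firefox is installed.
  firefox_bin="/Applications/Firefox.app/Contents/MacOS/firefox-bin"
  if [[ -f "$firefox_bin" ]]; then
    dist_dir="/Applications/Firefox.app/Contents/Resources/distribution"
    sudo mkdir -p "$dist_dir"
    # This replaces the whole policy file. Any policies already deployed to
    # Firefox (including security-relevant ones) are lost, so say so loudly.
    if [[ -e "${dist_dir}/policies.json" ]]; then
      printf 'warning: overwriting existing %s/policies.json\n' "$dist_dir" >&2
    fi
    printf '%s\n' \
      '{"policies": {"Certificates": {"ImportEnterpriseRoots": true}}}' \
      | sudo tee "${dist_dir}/policies.json"

    cert_dir="/Library/Application Support/Mozilla/Certificates"
    sudo mkdir -p "$cert_dir"
    sudo mv -- "$certfile" "${cert_dir}/rootCA.pem"
  else
    # Already in the keychain; no need to leave a copy in the working tree.
    sudo rm -- "$certfile"
  fi
else
  command -v dpkg-query >/dev/null \
    || die "this branch supports Debian-style hosts only (dpkg-query not found)"

  # certutil comes from libnss3-tools.
  required_pkg="libnss3-tools"
  # `|| true`: grep exits 1 when the package is absent, and under errexit that
  # used to abort the script before the install below could run.
  pkg_ok=$(dpkg-query -W --showformat='${Status}\n' "$required_pkg" \
    | grep "install ok installed" || true)
  printf 'Checking for %s: %s\n' "$required_pkg" "$pkg_ok"
  if [[ -z "$pkg_ok" ]]; then
    echo "No $required_pkg found. Setting up $required_pkg."
    sudo apt-get --yes install "$required_pkg"
  fi

  # Legacy DBM databases (cert8); may fail on NSS builds without DBM support.
  import_into_nss_dbs "cert8.db" "dbm"
  # SQL databases (cert9).
  import_into_nss_dbs "cert9.db" "sql"

  # System-wide bundle: update-ca-certificates only picks up *.crt files.
  sudo mv -- "$certfile" /usr/local/share/ca-certificates/rootCA.crt
  sudo update-ca-certificates
fi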