26 lines
763 B
Bash
Executable File
26 lines
763 B
Bash
Executable File
#!/bin/bash
|
|
|
|
# script/sync-dod-certs: update the CA bundle with DOD intermediate and root CAs
|
|
|
|
CAS_FILE_NAME="Certificates_PKCS7_v5.3_DoD"
|
|
CA_CHAIN="ssl/server-certs/ca-chain.pem"
|
|
|
|
echo "Resetting CA bundle..."
|
|
rm ssl/server-certs/ca-chain.pem &> /dev/null || true
|
|
touch $CA_CHAIN
|
|
|
|
if [[ $FLASK_ENV != "prod" ]]; then
|
|
# only for testing and development
|
|
echo "Copy in testing client CA..."
|
|
cat ssl/client-certs/client-ca.crt >> $CA_CHAIN
|
|
fi
|
|
|
|
# dod intermediate certs
|
|
echo "Adding DoD root certs"
|
|
rm -rf tmp || true
|
|
mkdir tmp
|
|
curl --silent -o tmp/dod-cas.zip "https://iasecontent.disa.mil/pki-pke/$CAS_FILE_NAME.zip"
|
|
unzip tmp/dod-cas.zip -d tmp/ &> /dev/null
|
|
openssl pkcs7 -in "tmp/$CAS_FILE_NAME/$CAS_FILE_NAME.pem.p7b" -print_certs >> $CA_CHAIN
|
|
rm -rf tmp
|