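#!/bin/bash
# Pulls the TLS certificates presented by smtp.gmail.com:465 and imports them
# into an NSS certificate database, for using Gmail SMTP.
# Adapted from the following config explanation:
# https://serverfault.com/questions/498588/smtp-gmail-com-from-bash-gives-error-in-certificate-peers-certificate-issuer
#
# The certificates are imported with CA trust (certutil -t "TC,,"), so the
# database ends up trusting whatever chain is fetched at run time.
#
# NSS database directory. The default is the original hard-coded path; set
# certdirectory in the environment to use a different location.
certdirectory="${certdirectory:-/home/user/.certs}"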
- # Functions
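#######################################
# Print a failure message and terminate the script.
# Arguments: $@ - words of the message to report
# Outputs:   "FAILED[code=N]: message" on stderr
# Returns:   never; exits with the status of the command that ran just before
#            the call, or 1 if that status was 0
#######################################
fail() {
  # Must be the first statement: it captures the status of whatever ran right
  # before fail was called. Declaring and assigning separately would reset $?.
  local ec=$?
  if (( ec == 0 )); then
    ec=1
  fi
  # "$*" joins the arguments into one string; the message is passed as data
  # (%s), never as a format or escape sequence, and goes to stderr so that it
  # cannot end up in captured command output.
  printf 'FAILED[code=%s]: %s\n' "$ec" "$*" >&2
  exit "$ec"
}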
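#######################################
# Remove the intermediate files this script writes (allgcert*, gcert*).
# The globs are resolved against the current working directory, so any other
# file there whose name starts with "allgcert" or "gcert" is removed as well.
# Outputs:   a warning on stderr for each file that could not be removed
# Returns:   0 always (best effort)
#######################################
cleanup() {
  local f
  for f in allgcert* gcert*; do
    # An unmatched glob stays as the literal pattern; skip it instead of
    # letting rm fail on a file that was never created.
    [[ -e "$f" || -L "$f" ]] || continue
    # The original called warn, which this script never defines; report the
    # problem directly instead.
    rm -f -- "$f" || printf 'WARNING: Cleanup of files errored\n' >&2
  done
  return 0
}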
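#######################################
# Remove intermediate files, then abort through fail.
# Arguments: $@ - words of the message, passed on to fail
# Returns:   never; fail exits the script
#######################################
failclean() {
  # Capture the status of the command that actually failed before cleanup
  # runs; otherwise fail would report cleanup's status instead.
  local ec=$?
  cleanup
  # fail reads $? on entry, so put the saved status back right before the call.
  (exit "$ec")
  fail "$@"
}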
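# Work in a private scratch directory: the intermediate files below have fixed
# names and cleanup removes them by glob (allgcert*, gcert*), so they must not
# be created in whatever directory the script happens to be started from.
workdir=$(mktemp -d) || fail "Unable to create temporary working directory"
trap 'rm -rf -- "$workdir"' EXIT
cd "$workdir" || fail "Unable to enter temporary working directory"

# Create the certs directory if it does not exist
mkdir -p -- "$certdirectory" || fail "Unable to create certificates directory"

# Pull the chain with ONE connection and reuse that output for counting,
# splitting and naming, so all three always describe the same handshake.
# -verify_return_error makes s_client abort when the presented chain does not
# validate against the local OpenSSL trust store. Without it s_client prints
# whatever certificates the peer sends, and the loop below would import them
# as trusted CAs.
# NOTE(review): this validates the chain only; on OpenSSL 1.1.0 or later
# consider adding "-verify_hostname smtp.gmail.com" to check the name as well.
openssl s_client -showcerts -verify_return_error -servername smtp.gmail.com \
  -connect smtp.gmail.com:465 </dev/null >allgcertraw \
  || failclean "Unable to pull certs from smtp.gmail.com"

# Keep only the PEM blocks for parsing
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' allgcertraw >allgcert \
  || failclean "Unable to pull certs from smtp.gmail.com"

# Count number of certs currently being used (can change from time to time)
numcerts=$(grep -c -e '-BEGIN CERTIFICATE-' allgcert)
(( numcerts > 0 )) || failclean "No certificates were returned by smtp.gmail.com"

# Split on the BEGIN/END markers into gcert1, gcert2, ... The original sliced
# fixed 26/27-line windows, which only works when every certificate has exactly
# that many lines, and it never wrote gcert1 when the server sent one cert.
awk '
  /-BEGIN CERTIFICATE-/ { n++; out = "gcert" n }
  n                     { print > out }
  /-END CERTIFICATE-/   { close(out) }
' allgcert || failclean "Unable to split the certificate chain into files"

# Parses out certificate issuer names for installation
# NOTE(review): certificate N is given the name of its ISSUER, taken from the
# text after the last "=" on the N-th "i:" line. This is kept as the original
# did it; confirm it is the nickname you want in the database.
grep -E '^[[:space:]]*i:' allgcertraw | sed -e 's,.*=,,' >allgcertnames

for (( i = 1; i <= numcerts; i++ )); do
  nickname=$(sed -n "${i}p" allgcertnames)
  [[ -n "$nickname" ]] \
    || failclean "Unable to output parsed names for certificates"
  # NOTE(review): "TC,," marks every imported certificate, including the
  # server's own leaf certificate, as a trusted CA for TLS; confirm this
  # breadth of trust is intended.
  certutil -A -n "$nickname" -t "TC,," -d "$certdirectory" -i "gcert${i}" \
    || failclean "Unable to import certificates to database"
done
cleanup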