Add ROOT CAs to the trust store #12911
Changes from 3 commits
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -70,8 +70,8 @@ elif [ ! -f "$CACERT_FILE" ]; then | |
| fi | ||
|
|
||
| # Import cacerts into the keystore | ||
| awk '/-----BEGIN CERTIFICATE-----?/{n++}{print > "cloudca." n }' "$CACERT_FILE" | ||
| for caChain in $(ls cloudca.*); do | ||
| awk 'BEGIN{n=0} /-----BEGIN CERTIFICATE-----/{n++}{print > "cloudca." n }' "$CACERT_FILE" | ||
|
|
||
| for caChain in $(ls cloudca.* 2>/dev/null); do | ||
| keytool -delete -noprompt -alias "$caChain" -keystore "$KS_FILE" -storepass "$KS_PASS" > /dev/null 2>&1 || true | ||
| keytool -import -noprompt -storepass "$KS_PASS" -trustcacerts -alias "$caChain" -file "$caChain" -keystore "$KS_FILE" > /dev/null 2>&1 | ||
| done | ||
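Review bot: the loop `for caChain in $(ls cloudca.* 2>/dev/null); do` imports every `cloudca.*` file present in the working directory, not only the files the awk line just wrote, and nothing in this hunk clears old files before the split, so a leftover from an earlier run with a longer chain would be added to the trust store again. With `BEGIN{n=0}`, any text in `$CACERT_FILE` ahead of the first `-----BEGIN CERTIFICATE-----` line is also written to `cloudca.0` and handed to keytool, where the failure is hidden by `> /dev/null 2>&1`. Consider splitting into a fresh `mktemp -d` directory, printing only when `n > 0`, iterating with a plain glob instead of parsing `ls`, and logging when `keytool -import` returns non-zero.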
|
|
||
|
|
@@ -137,6 +137,22 @@ if [ -f "$SYSTEM_FILE" ]; then | |
| chmod 644 /usr/local/share/ca-certificates/cloudstack/ca.crt | ||
| update-ca-certificates > /dev/null 2>&1 || true | ||
|
|
||
| # Import CA cert(s) into realhostip.keystore so the SSVM JVM | ||
| # (which overrides the truststore via -Djavax.net.ssl.trustStore in _run.sh) | ||
| # can trust servers signed by the CloudStack CA | ||
| REALHOSTIP_KS_FILE="$(dirname $(dirname $PROPS_FILE))/certs/realhostip.keystore" | ||
|
|
||
| REALHOSTIP_PASS="vmops.com" | ||
| if [ -f "$REALHOSTIP_KS_FILE" ]; then | ||
| awk 'BEGIN{n=0} /-----BEGIN CERTIFICATE-----/{n++}{print > "cloudca." n }' "$CACERT_FILE" | ||
| for caChain in $(ls cloudca.* 2>/dev/null); do | ||
| keytool -delete -noprompt -alias "$caChain" -keystore "$REALHOSTIP_KS_FILE" \ | ||
| -storepass "$REALHOSTIP_PASS" > /dev/null 2>&1 || true | ||
| keytool -import -noprompt -trustcacerts -alias "$caChain" -file "$caChain" \ | ||
| -keystore "$REALHOSTIP_KS_FILE" -storepass "$REALHOSTIP_PASS" > /dev/null 2>&1 | ||
| done | ||
| rm -f cloudca.* | ||
| fi | ||
|
|
||
| # Ensure cloud service is running in systemvm | ||
| if [ "$MODE" == "ssh" ]; then | ||
| systemctl start cloud > /dev/null 2>&1 | ||
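Review bot: `REALHOSTIP_PASS="vmops.com"` hard-codes the keystore password as a literal, and both keytool calls in the loop discard their output and exit status, so if the password on `realhostip.keystore` ever differs, the CA is silently not imported and the SSVM JVM still will not trust servers signed by the CloudStack CA. Suggest reading the password from a single configured value rather than a literal, and logging a warning when `keytool -import` fails or when `$REALHOSTIP_KS_FILE` does not exist. The nested `$(dirname $(dirname $PROPS_FILE))` is unquoted and will word-split on a path containing spaces. The awk split and import loop also repeat the earlier keystore import block and could become one helper function that takes the keystore path and password.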
|
|
||