@@ -177,23 +177,25 @@ if [ -d "$NUT_CONFPATH/cert/upsd" ] ; then
177177 mkdir -p "${NUT_CONFPATH}/cert/jks"
178178 JNUTKS="${NUT_CONFPATH}/cert/jks/jNut.jks"
179179
180- # For client we need Root CA cert (maybe server cert?) and own cert/key (upsmon)
181- # and NIT script already leaves (most of) them there as PEM files
182- keytool -importcert -noprompt -trustcacerts -keystore "${JNUTKS}" -storetype JKS -storepass "changeit" -alias "${TESTCERT_ROOTCA_NAME}" -file "${TESTCERT_PATH_ROOTCA}/rootca.pem"
183- keytool -importcert -noprompt -keystore "${JNUTKS}" -storepass "changeit" -alias "${TESTCERT_SERVER_NAME}" -file "${TESTCERT_PATH_SERVER}/server.crt"
184-
185- if [ ! -e "${TESTCERT_PATH_CLIENT}/client.p12" ] ; then
186- if [ -s "${TESTCERT_PATH_CLIENT}/client.key" ] && [ -s "${TESTCERT_PATH_CLIENT}/client.crt" ] && command -v openssl ; then
187- # Key goes first!
188- [ -s "${TESTCERT_PATH_CLIENT}/.pwfile" ] || { echo "${TESTCERT_CLIENT_PASS}" > ${TESTCERT_PATH_CLIENT}/.pwfile; }
189- cat "${TESTCERT_PATH_CLIENT}/client.key" "${TESTCERT_PATH_CLIENT}/client.crt" "${TESTCERT_PATH_ROOTCA}/rootca.pem" \
190- | openssl pkcs12 -export -password "file:${TESTCERT_PATH_CLIENT}/.pwfile" -name "${TESTCERT_CLIENT_NAME}" -caname "${TESTCERT_ROOTCA_NAME}" -out ${TESTCERT_PATH_CLIENT}/client.p12
191- else
192- pk12util -o "${TESTCERT_PATH_CLIENT}/client.p12" -n "${TESTCERT_CLIENT_NAME}" -d "${TESTCERT_PATH_CLIENT}" -W "${TESTCERT_CLIENT_PASS}" -K "${TESTCERT_CLIENT_PASS}"
180+ if [ ! -e "${JNUTKS}" ] ; then
181+ # For client we need Root CA cert (maybe server cert?) and own cert/key (upsmon)
182+ # and NIT script already leaves (most of) them there as PEM files
183+ keytool -importcert -noprompt -trustcacerts -keystore "${JNUTKS}" -storetype JKS -storepass "changeit" -alias "${TESTCERT_ROOTCA_NAME}" -file "${TESTCERT_PATH_ROOTCA}/rootca.pem"
184+ keytool -importcert -noprompt -keystore "${JNUTKS}" -storepass "changeit" -alias "${TESTCERT_SERVER_NAME}" -file "${TESTCERT_PATH_SERVER}/server.crt"
185+
186+ if [ ! -e "${TESTCERT_PATH_CLIENT}/client.p12" ] ; then
187+ if [ -s "${TESTCERT_PATH_CLIENT}/client.key" ] && [ -s "${TESTCERT_PATH_CLIENT}/client.crt" ] && command -v openssl ; then
188+ # Key goes first!
189+ [ -s "${TESTCERT_PATH_CLIENT}/.pwfile" ] || { echo "${TESTCERT_CLIENT_PASS}" > ${TESTCERT_PATH_CLIENT}/.pwfile; }
190+ cat "${TESTCERT_PATH_CLIENT}/client.key" "${TESTCERT_PATH_CLIENT}/client.crt" "${TESTCERT_PATH_ROOTCA}/rootca.pem" \
191+ | openssl pkcs12 -export -password "file:${TESTCERT_PATH_CLIENT}/.pwfile" -name "${TESTCERT_CLIENT_NAME}" -caname "${TESTCERT_ROOTCA_NAME}" -out ${TESTCERT_PATH_CLIENT}/client.p12
192+ else
193+ pk12util -o "${TESTCERT_PATH_CLIENT}/client.p12" -n "${TESTCERT_CLIENT_NAME}" -d "${TESTCERT_PATH_CLIENT}" -W "${TESTCERT_CLIENT_PASS}" -K "${TESTCERT_CLIENT_PASS}"
194+ fi
193195 fi
196+ # keytool -importcert -noprompt -keystore "${JNUTKS}" -storepass "changeit" -alias "${TESTCERT_CLIENT_NAME}" -file "${TESTCERT_PATH_CLIENT}/client.crt"
197+ keytool -importkeystore -srckeystore "${TESTCERT_PATH_CLIENT}/client.p12" -srcstoretype PKCS12 -srcstorepass "${TESTCERT_CLIENT_PASS}" -srckeypass "${TESTCERT_CLIENT_PASS}" -destkeystore "${JNUTKS}" -deststoretype JKS -deststorepass "changeit" -destkeypass "changeit" -srcalias "${TESTCERT_CLIENT_NAME}" -destalias "${TESTCERT_CLIENT_NAME}" -v
194198 fi
195- # keytool -importcert -noprompt -keystore "${JNUTKS}" -storepass "changeit" -alias "${TESTCERT_CLIENT_NAME}" -file "${TESTCERT_PATH_CLIENT}/client.crt"
196- keytool -importkeystore -srckeystore "${TESTCERT_PATH_CLIENT}/client.p12" -srcstoretype PKCS12 -srcstorepass "${TESTCERT_CLIENT_PASS}" -srckeypass "${TESTCERT_CLIENT_PASS}" -destkeystore "${JNUTKS}" -deststoretype JKS -deststorepass "changeit" -destkeypass "changeit" -srcalias "${TESTCERT_CLIENT_NAME}" -destalias "${TESTCERT_CLIENT_NAME}" -v
197199
198200 ls -la "${NUT_CONFPATH}/cert/jks/"
199201
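Review bot: The `[ ! -e "${JNUTKS}" ]` guard added at new line 180 treats any existing file as a finished keystore, yet the file appears with the first `keytool -importcert` while the client key only arrives with the `-importkeystore` at new line 197. If a step in between fails (no exit status is checked in the visible lines, and whether `set -e` is active is not shown here), a re-run skips the whole block and keeps a JKS that lacks the client entry or the server certificate. One way to close that is to begin with `rm -f "${JNUTKS}.tmp"`, point the three keytool calls at `"${JNUTKS}.tmp"`, and finish with `mv -f "${JNUTKS}.tmp" "${JNUTKS}"` only after the last import succeeded. Separately, the `> ${TESTCERT_PATH_CLIENT}/.pwfile` redirect and `-out ${TESTCERT_PATH_CLIENT}/client.p12` (new lines 189 and 191) are unquoted, unlike the other uses of that variable, and both files are created under the default umask; running those two commands in a subshell after `umask 077` would keep the password file and key bundle owner-only even in a test tree. The enclosing `if [ -d "$NUT_CONFPATH/cert/upsd" ]` block starts above the hunk.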