#!/bin/sh # ## Copyright (C) 1996-2017 The Squid Software Foundation and contributors ## ## Squid software is distributed under GPLv2+ license and includes ## contributions from numerous individuals and organizations. ## Please see the COPYING and CONTRIBUTORS files for details. ## # ----------------------------------------------------------------------------- # # Author: Markus Moeller (markus_moeller at compuserve.com) # # Copyright (C) 2007 Markus Moeller. All rights reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. # # ----------------------------------------------------------------------------- # # # creates the following files: # .cert # secmod.db # key3.db # cert8.db # # if [ -z "$1" ]; then echo "Usage: `basename $0` ldap-server port" exit 0 fi if [ -z "$2" ]; then port=636 else port=$2 fi server=$1 # # Remove old files # rm ${server}_[0-9]*.cert 2>/dev/null # # Get certs and store in .cert file # ( openssl s_client -showcerts -connect $server:$port 2>/dev/null < ostart ) {print $0 >>"'$server'_"start".cert"}; if ( $0 ~ /END CERTIFICATE/) { ostart=start } }' # # from mozilla-nss-tools # /usr/sfw/bin on Solaris # # # Create database for Sun ldap and pem file for Openldap # rm ${server}_[0-9]*.pem 2>/dev/null i=0 ls ${server}_[0-9]*.cert | while read file; do i=$(($i+1)) cat $file >> ${server}_$i.pem CA=`openssl x509 -noout -text -in ${server}_$i.pem | grep -i "CA:.*true"` if [ -n "$CA" ]; then echo "CA is in ${server}_$i.pem" certutil -A -a -n "${server}_$i" -i $file -t "C,," -d . else certutil -A -a -n "${server}_$i" -i $file -t "P,," -d . fi rm $file done echo "Certs:" certutil -d . -L echo "are in" ls *.db