
Commit 60bd832

author
Derrek Young
committed
Added error checking to keytool commands. Cleaned up variables.
1 parent a84fb26 commit 60bd832


2 files changed

+119
-81
lines changed


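--- a/controller-ssl-certs-util.sh
+++ b/controller-ssl-certs-util.sh
@@ -5,68 +5,85 @@
 #
 # Generate new certs, import them, list keystore contents and disable the HTTP port.
 #
-# Version: 0.4
+# Version: 0.5
 #
 #--------------------------------------------------------------------------------------------------
 
 # Edit the following parameter to suit your environment
 CONTROLLER_HOME=/opt/AppDynamics/Controller
 
+
 ################################################
 # Do not edit below this line
-
-CONTROLLER_KEYTOOL_HOME=$CONTROLLER_HOME/jre/bin
-CONTROLLER_CONFIG_HOME=$CONTROLLER_HOME/appserver/glassfish/domains/domain1/config
-CONTROLLER_SIGNED_CERT_ALIAS_NAME="s1as"
-CONTROLLER_KEYSTORE_NAME="keystore.jks"
-CONTROLLER_KEYSTORE_PASSWORD="changeit"
+DATETIME=`date +%Y%m%d%H%M`
+CSR="./$HOSTNAME-$DATETIME.csr"
+
+SIGNED_CERT_ALIAS_NAME="s1as"
+KEYSTORE_NAME="keystore.jks"
+KEYSTORE_PASSWORD="changeit"
+CONFIG_HOME=$CONTROLLER_HOME/appserver/glassfish/domains/domain1/config
+KEYSTORE_PATH=$CONFIG_HOME/$KEYSTORE_NAME
+KEYTOOL_HOME=$CONTROLLER_HOME/jre/bin
+KEYTOOL=$KEYTOOL_HOME/keytool
+KEYSTORE_BACKUP="./$KEYSTORE_NAME-$DATETIME.bak"
 
 #1
 generate-csr()
 {
-validate
-
-local DATETIME=`date +%Y%m%d%H%M`
-local KEYSTORE_BACKUP="$CONTROLLER_KEYSTORE_NAME.$DATETIME.bak"
-local CSR="$HOSTNAME-$DATETIME.csr"
-
 echo "Generating a new Certificate Signing Request..."
 
 #########################################
 # Backup the keystore
-if [ -f $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME ]; then
-echo "Creating backup keystore $CONTROLLER_CONFIG_HOME/$KEYSTORE_BACKUP"
-cp $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME $CONTROLLER_CONFIG_HOME/$KEYSTORE_BACKUP
+if [ -f $KEYSTORE_PATH ]; then
+echo "Creating backup keystore $KEYSTORE_BACKUP"
+cp $KEYSTORE_PATH $KEYSTORE_BACKUP
+
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to create the backup keystore"
+exit 1
+fi
 fi
 
 #########################################
-# Delete the existing $CONTROLLER_SIGNED_CERT_ALIAS_NAME
-echo "Deleting $CONTROLLER_SIGNED_CERT_ALIAS_NAME in $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME "
-$CONTROLLER_KEYTOOL_HOME/keytool -delete -alias $CONTROLLER_SIGNED_CERT_ALIAS_NAME -keystore $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME -storepass $CONTROLLER_KEYSTORE_PASSWORD
+# Delete the existing $SIGNED_CERT_ALIAS_NAME
+echo "Deleting $SIGNED_CERT_ALIAS_NAME in $KEYSTORE_PATH "
+$KEYTOOL -delete -alias $SIGNED_CERT_ALIAS_NAME -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD
 
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to delete the alias"
+exit 1
+fi
 
 #########################################
 # Generate the keypair
-echo "Generating the new keypair in $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME "
-$CONTROLLER_KEYTOOL_HOME/keytool -genkeypair -alias $CONTROLLER_SIGNED_CERT_ALIAS_NAME -keyalg RSA -keystore $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME -keysize 2048 -validity 1825 -storepass $CONTROLLER_KEYSTORE_PASSWORD
+echo "Generating the new keypair in $KEYSTORE_PATH "
+$KEYTOOL -genkeypair -alias $SIGNED_CERT_ALIAS_NAME -keyalg RSA -keystore $KEYSTORE_PATH -keysize 2048 -validity 1825 -storepass $KEYSTORE_PASSWORD
+
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to generate the keypair"
+exit 1
+fi
 
 
 #########################################
 # Generate the CSR
-echo "Generating the Certificate Signing Request at $CONTROLLER_CONFIG_HOME/$CSR "
-$CONTROLLER_KEYTOOL_HOME/keytool -certreq -alias $CONTROLLER_SIGNED_CERT_ALIAS_NAME -keystore $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME -storepass $CONTROLLER_KEYSTORE_PASSWORD -file $CONTROLLER_CONFIG_HOME/$CSR
+echo "Generating the Certificate Signing Request at $CSR "
+$KEYTOOL -certreq -alias $SIGNED_CERT_ALIAS_NAME -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD -file $CSR
+
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to generate the CSR"
+exit 1
+fi
 
 #########################################
 echo " "
-echo "Finished. CSR generated at $CONTROLLER_CONFIG_HOME/$CSR."
+echo "Finished. CSR generated at $CSR"
 echo "Send this CSR to your Certificate Authority for signing, then import the signed cert. You may need to first import the CA's chain or root cert, depending on your setup. Contact your company's PKI team for guidance. "
 }
 
 #2
 import-signed-cert()
 {
-validate
-
 echo "Importing a signed certificate..."
 read -rp $'Certificate filename: ' cert
 
@@ -75,17 +92,20 @@ import-signed-cert()
 exit
 fi
 
-echo "Importing certificate: $cert"
-$CONTROLLER_KEYTOOL_HOME/keytool -import -trustcacerts -alias $CONTROLLER_SIGNED_CERT_ALIAS_NAME -keystore $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME -storepass $CONTROLLER_KEYSTORE_PASSWORD -file $cert
+echo "Importing $cert into $KEYSTORE_PATH for alias $alias"
+$KEYTOOL -import -trustcacerts -alias $SIGNED_CERT_ALIAS_NAME -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD -file $cert
+
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to import the certificate"
+exit 1
+fi
 
 echo "Finished"
 }
 
 #3
 import-cert-chain()
 {
-validate
-
 echo "Importing a root or intermediate certificate..."
 read -rp $'Certificate filename: ' cert
 
@@ -98,33 +118,35 @@ import-cert-chain()
 local filename="${fullfile##*/}"
 local alias=$(echo $filename | cut -f 1 -d '.') #File name without the extension
 
-echo "Importing $cert into keystore alias $alias"
-$CONTROLLER_KEYTOOL_HOME/keytool -import -trustcacerts -alias $alias -keystore $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME -storepass $CONTROLLER_KEYSTORE_PASSWORD -file $cert
+echo "Importing $cert into $KEYSTORE_PATH for alias $alias"
+$KEYTOOL -import -trustcacerts -alias $alias -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD -file $cert
+
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to import the certificate"
+exit 1
+fi
 
 echo "Finished"
 }
 
 #4
 list()
 {
-validate
-
-$CONTROLLER_KEYTOOL_HOME/keytool -list -keystore $CONTROLLER_CONFIG_HOME/$CONTROLLER_KEYSTORE_NAME -storepass $CONTROLLER_KEYSTORE_PASSWORD | more
+$KEYTOOL -list -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD | more
 }
 
 validate()
 {
-local valid=true
 if [ ! -d "$CONTROLLER_HOME" ]; then
 echo "ERROR: Unable to find $CONTROLLER_HOME. Set the variable in this script."
 exit 1
 fi
-if [ ! -d "$CONTROLLER_KEYTOOL_HOME" ]; then
-echo "ERROR: Unable to find $CONTROLLER_KEYTOOL_HOME. Set the variable in this script."
+if [ ! -d "$KEYTOOL_HOME" ]; then
+echo "ERROR: Unable to find $KEYTOOL_HOME. Set the variable in this script."
 exit 1
 fi
-if [ ! -d "$CONTROLLER_CONFIG_HOME" ]; then
-echo "ERROR: Unable to find $CONTROLLER_CONFIG_HOME. Set the variable in this script."
+if [ ! -d "$CONFIG_HOME" ]; then
+echo "ERROR: Unable to find $CONFIG_HOME. Set the variable in this script."
 exit 1
 fi
 }
@@ -178,4 +200,5 @@ main()
 done
 }
 
+validate
 main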
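Review bot: The filename typed at the `read -rp` prompt reaches keytool unquoted at new lines 96 and 122 (`-file $cert`), so a name containing spaces or glob characters is split into extra keytool arguments; write `-file "$cert"` and quote `"$KEYSTORE_PATH"`, `"$KEYSTORE_BACKUP"` and `"$alias"` the same way. The new message at line 95 prints `$alias`, which in the lines shown is only set as a `local` inside import-cert-chain, so it probably prints empty here; `$SIGNED_CERT_ALIAS_NAME` is the alias the import actually uses. Every keytool call also passes `-storepass $KEYSTORE_PASSWORD` on the command line, where other local users can read it from the process list; keytool's `-storepass:env` form with an exported variable avoids that. The same lines appear in eum-ssl-certs-util.sh (new lines 84, 85 and 114), and both import functions continue outside the hunks.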

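--- a/eum-ssl-certs-util.sh
+++ b/eum-ssl-certs-util.sh
@@ -5,7 +5,7 @@
 #
 # Generate new certs, import them, and list keystore contents.
 #
-# Version: 0.4
+# Version: 0.5
 #
 #--------------------------------------------------------------------------------------------------
 
@@ -15,54 +15,64 @@ EUM_HOME=/opt/AppDynamics/EUM
 
 ################################################
 # Do not edit below this line
-
-EUM_KEYTOOL_HOME=$EUM_HOME/jre/bin
-EUM_CONFIG_HOME=$EUM_HOME/eum-processor/bin
-EUM_SIGNED_CERT_ALIAS_NAME="eum-server"
-EUM_KEYSTORE_NAME="keystore.jks"
-EUM_KEYSTORE_PASSWORD="changeit"
+DATETIME=`date +%Y%m%d%H%M`
+CSR="./$HOSTNAME-$DATETIME.csr"
+
+SIGNED_CERT_ALIAS_NAME="eum-server"
+KEYSTORE_NAME="keystore.jks"
+KEYSTORE_PASSWORD="changeit"
+CONFIG_HOME=$EUM_HOME/eum-processor/bin
+KEYSTORE_PATH=$CONFIG_HOME/$KEYSTORE_NAME
+KEYTOOL_HOME=$EUM_HOME/jre/bin
+KEYTOOL=$KEYTOOL_HOME/keytool
+KEYSTORE_BACKUP="./$KEYSTORE_NAME-$DATETIME.bak"
 
 #1
 generate-csr()
 {
-validate
-
-local DATETIME=`date +%Y%m%d%H%M`
-local KEYSTORE_BACKUP="$EUM_KEYSTORE_NAME.$DATETIME.bak"
-local CSR="$HOSTNAME-$DATETIME.csr"
-
 echo "Generating a new Certificate Signing Request..."
 
 #########################################
 # Backup the keystore
-if [ -f $EUM_CONFIG_HOME/$EUM_KEYSTORE_NAME ]; then
-echo "Creating backup keystore $EUM_CONFIG_HOME/$EUM_KEYSTORE_NAME "
-cp $EUM_CONFIG_HOME/$EUM_KEYSTORE_NAME $EUM_CONFIG_HOME/$KEYSTORE_BACKUP
+if [ -f $KEYSTORE_PATH ]; then
+echo "Creating backup keystore $KEYSTORE_BACKUP "
+mv $KEYSTORE_PATH $KEYSTORE_BACKUP
+
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to create the backup keystore"
+exit 1
+fi
 fi
 
 #########################################
 # Create the new keystore
-echo "Creating the new keystore at $EUM_CONFIG_HOME/$EUM_KEYSTORE_NAME"
-$EUM_KEYTOOL_HOME/keytool -genkey -keyalg RSA -validity 3560 -alias $EUM_SIGNED_CERT_ALIAS_NAME -keystore $EUM_CONFIG_HOME/$EUM_KEYSTORE_NAME -storepass $EUM_KEYSTORE_PASSWORD
+echo "Creating the new keystore at $KEYSTORE_PATH"
+$KEYTOOL -genkey -keyalg RSA -validity 3560 -alias $SIGNED_CERT_ALIAS_NAME -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD
 
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to generate the keypair"
+exit 1
+fi
 
 #########################################
 # Generate the CSR
-echo "Generating the Certificate Signing Request at $EUM_CONFIG_HOME/$CSR"
-$EUM_KEYTOOL_HOME/keytool -certreq -keystore $EUM_CONFIG_HOME/$EUM_KEYSTORE_NAME -file $EUM_CONFIG_HOME/$CSR -alias $HOSTNAME -storepass $EUM_KEYSTORE_PASSWORD
+echo "Generating the Certificate Signing Request at $CSR"
+$KEYTOOL -certreq -keystore $KEYSTORE_PATH -file $CSR -alias $HOSTNAME -storepass $KEYSTORE_PASSWORD
 
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to generate the CSR"
+exit 1
+fi
 
 #########################################
 echo " "
-echo "Finished. CSR successfully generated at $EUM_CONFIG_HOME/$CSR. "
+echo "Finished. CSR successfully generated at $CSR "
 echo "Send this CSR to your Certificate Authority for signing. You may need to first import the CA's chain or root cert, depending on your setup. Contact your company's PKI team for guidance."
 }
 
 #2
 import-signed-cert()
 {
-validate
-
 echo "Importing a signed certificate..."
 read -rp $'Certificate filename: ' cert
 
@@ -71,20 +81,23 @@ import-signed-cert()
 exit
 fi
 
-echo "Importing certificate: $cert"
-$EUM_KEYTOOL_HOME/keytool -import -trustcacerts -keystore $EUM_CONFIG_HOME/$EUM_KEYSTORE_NAME -file $cert -alias $EUM_SIGNED_CERT_ALIAS_NAME -storepass $EUM_KEYSTORE_PASSWORD
+echo "Importing $cert into $KEYSTORE_PATH for alias $alias"
+$KEYTOOL -import -trustcacerts -keystore $KEYSTORE_PATH -file $cert -alias $SIGNED_CERT_ALIAS_NAME -storepass $KEYSTORE_PASSWORD
+
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to import the certificate"
+exit 1
+fi
 
 echo " "
-echo "Finished. Now add the following properties to $EUM_CONFIG_HOME/eum.properties and restart the EUM Server."
-echo "processorServer.keyStorePassword=$EUM_KEYSTORE_PASSWORD"
-echo "processorServer.keyStoreFileName=$EUM_KEYSTORE_NAME"
+echo "Finished. Now add the following properties to $CONFIG_HOME/eum.properties and restart the EUM Server."
+echo "processorServer.keyStorePassword=$KEYSTORE_PASSWORD"
+echo "processorServer.keyStoreFileName=$KEYSTORE_NAME"
 }
 
 #3
 import-cert-chain()
 {
-validate
-
 echo "Importing a root or intermediate certificate..."
 read -rp $'Certificate filename: ' cert
 
@@ -97,34 +110,35 @@ import-cert-chain()
 local filename="${fullfile##*/}"
 local alias=$(echo $filename | cut -f 1 -d '.') #File name without the extension
 
-echo "Importing $cert into keystore alias $alias"
-$EUM_KEYTOOL_HOME/keytool -import -trustcacerts -alias $alias -keystore $EUM_CONFIG_HOME/$EUM_KEYSTORE_NAME -storepass $EUM_KEYSTORE_PASSWORD -file $cert
+echo "Importing $cert into $KEYSTORE_PATH for alias $alias"
+$KEYTOOL -import -trustcacerts -alias $alias -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD -file $cert
+
+if [ $? -gt 0 ] ; then
+echo "ERROR: unable to import the certificate"
+exit 1
+fi
 
 echo "Finished"
 }
 
 #4
 list()
 {
-validate
-
-$EUM_KEYTOOL_HOME/keytool -list -keystore $EUM_CONFIG_HOME/$EUM_KEYSTORE_NAME -storepass $EUM_KEYSTORE_PASSWORD
+$KEYTOOL -list -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD
 }
 
 validate()
 {
-local valid=true
-
 if [ ! -d "$EUM_HOME" ]; then
 echo "ERROR: Unable to find $EUM_HOME. Set this variable in this script."
 exit 1
 fi
-if [ ! -d "$EUM_KEYTOOL_HOME" ]; then
-echo "ERROR: Unable to find $EUM_KEYTOOL_HOME. Set this variable in this script."
+if [ ! -d "$KEYTOOL_HOME" ]; then
+echo "ERROR: Unable to find $KEYTOOL_HOME. Set this variable in this script."
 exit 1
 fi
-if [ ! -d "$EUM_CONFIG_HOME" ]; then
-echo "ERROR: Unable to find $EUM_CONFIG_HOME. Set this variable in this script."
+if [ ! -d "$CONFIG_HOME" ]; then
+echo "ERROR: Unable to find $CONFIG_HOME. Set this variable in this script."
 exit 1
 fi
 }
@@ -179,4 +193,5 @@ main()
 done
 }
 
+validate
 main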
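Review bot: The backup step at new line 39 now moves the live keystore (`mv $KEYSTORE_PATH $KEYSTORE_BACKUP`) and every later failure ends in `exit 1`, so a failed `-genkey` or `-certreq` leaves the EUM server without its original keystore until someone copies the `.bak` back by hand. That failure looks likely as written: the key is generated under `$SIGNED_CERT_ALIAS_NAME` (line 50) but the CSR is requested with `-alias $HOSTNAME` (line 60), which only matches when the host is named `eum-server`; `-alias "$SIGNED_CERT_ALIAS_NAME"` on line 60 would line the two up. The backup holds the private key and now lands in whatever directory the script is run from (`./$KEYSTORE_NAME-$DATETIME.bak`), so I would keep it under `$CONFIG_HOME` with `cp -p` and restore it in the error branches. controller-ssl-certs-util.sh writes its backup to the same relative path at its line 39.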
