-
Notifications
You must be signed in to change notification settings - Fork 0
/
new-cert-to-keystore.sh
19 lines (13 loc) · 1004 Bytes
/
new-cert-to-keystore.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#!/bin/bash
#import env vars
source /etc/profile
# Stop Keycloak
systemctl stop keycloak
# Convert the private key and certificate to a PKCS12 file
openssl pkcs12 -export -in /etc/letsencrypt/live/$DOMAIN_SUBDOMAIN/fullchain.pem -inkey /etc/letsencrypt/live/$DOMAIN_SUBDOMAIN/privkey.pem -out /etc/letsencrypt/live/$DOMAIN_SUBDOMAIN/pkcs.p12 -name $KEYCLOAK_SSL_ALIAS -passout pass:$KEYCLOAK_SSL_PASSWORD
# Remove the old certificate from our keystore
keytool -delete -noprompt -alias $KEYCLOAK_SSL_ALIAS -keystore /opt/keycloak/current/standalone/configuration/keycloak.jks -storepass $KEYSTORE_PASSWORD
# Import the new certificate to our keystore
keytool -importkeystore -deststorepass $KEYSTORE_PASSWORD -destkeypass $KEYCLOAK_SSL_PASSWORD -destkeystore /opt/keycloak/standalone/configuration/keycloak.jks -srckeystore /etc/letsencrypt/live/$DOMAIN_SUBDOMAIN/pkcs.p12 -srcstoretype PKCS12 -srcstorepass $KEYCLOAK_SSL_PASSWORD -alias $KEYCLOAK_SSL_ALIAS
# Start Keycloak
systemctl start keycloak