homelab-acme-step-ca/install-root-ca.sh


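#!/usr/bin/env sh
# Install the step-ca root certificate(s) served at $CA_URL/roots.pem into the
# system trust store (Debian/Ubuntu or RHEL-family). Needs write access to the
# trust-anchor directory, so run it as root.
#
# Environment:
#   ROOT_PEM_SHA256  Optional. Expected SHA-256 (hex) of roots.pem, obtained
#                    out-of-band (e.g. `sha256sum roots.pem` run on the CA
#                    host). When set, the download is rejected unless it
#                    matches. When unset, the script warns and proceeds as
#                    before.
#
# Exit codes: 1 = download or validation failure, 2 = unsupported OS.
set -eu

CA_URL="https://ca.para.net:9000"
ROOT_URL="$CA_URL/roots.pem"
EXPECTED_SHA256="${ROOT_PEM_SHA256:-}"

TMP_FILE="$(mktemp)"
# Clean up on every exit path, including `set -e` aborts and the exit 1/2 below.
trap 'rm -f -- "$TMP_FILE"' EXIT

echo "Downloading roots.pem from $ROOT_URL ..."
# -k is needed for the bootstrap: the CA's own root is not trusted yet, so TLS
# verification cannot succeed. That makes this transfer unauthenticated; the
# content is authenticated separately via ROOT_PEM_SHA256 below.
# -f turns HTTP errors into a failure instead of saving the error page, and
# --proto/--proto-redir keep -L from following a redirect off HTTPS.
if ! curl -fsSLk --proto '=https' --proto-redir '=https' \
  "$ROOT_URL" -o "$TMP_FILE"; then
  echo "Error: roots.pem is empty or failed to download." >&2
  exit 1
fi

if [ ! -s "$TMP_FILE" ]; then
  echo "Error: roots.pem is empty or failed to download." >&2
  exit 1
fi

# Refuse to install something that is not even PEM certificate data.
if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$TMP_FILE"; then
  echo "Error: downloaded file does not contain a PEM certificate." >&2
  exit 1
fi

# Authenticate the download against a value the operator obtained out-of-band.
# Anything installed below becomes a system-wide trust anchor, so this is the
# only check standing between an unauthenticated download and the trust store.
if [ -n "$EXPECTED_SHA256" ]; then
  if ! command -v sha256sum >/dev/null 2>&1; then
    echo "Error: sha256sum is required to verify ROOT_PEM_SHA256." >&2
    exit 1
  fi
  ACTUAL_SHA256=$(sha256sum "$TMP_FILE" | cut -d' ' -f1)
  WANT_SHA256=$(printf '%s' "$EXPECTED_SHA256" | tr '[:upper:]' '[:lower:]')
  if [ "$ACTUAL_SHA256" != "$WANT_SHA256" ]; then
    echo "Error: roots.pem SHA-256 mismatch (got $ACTUAL_SHA256)." >&2
    echo "Refusing to install an unverified root CA." >&2
    exit 1
  fi
  echo "roots.pem SHA-256 verified."
else
  echo "Warning: ROOT_PEM_SHA256 is not set; roots.pem was fetched without" >&2
  echo "TLS verification and will be installed unauthenticated." >&2
fi

# Read /etc/os-release by hand rather than sourcing it, so no file content is
# ever executed by this (root) shell.
OS_ID=""
OS_LIKE=""
if [ -f /etc/os-release ]; then
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ID=*) OS_ID=$(printf '%s\n' "$line" | cut -d= -f2 | tr -d '"') ;;
      ID_LIKE=*) OS_LIKE=$(printf '%s\n' "$line" | cut -d= -f2 | tr -d '"') ;;
    esac
  done </etc/os-release
fi
echo "Detected OS: ID=$OS_ID, ID_LIKE=$OS_LIKE"

# Normalize to lowercase
OS_ID=$(printf '%s\n' "$OS_ID" | tr '[:upper:]' '[:lower:]')
OS_LIKE=$(printf '%s\n' "$OS_LIKE" | tr '[:upper:]' '[:lower:]')

# Detect family.
# install -m 0644 is used instead of cp: mktemp creates the file 0600, and cp
# would carry that mode over, leaving the anchor unreadable to non-root users.
if printf '%s\n' "$OS_ID $OS_LIKE" | grep -Eq 'debian|ubuntu'; then
  echo "Installing on Debian-based system"
  TARGET_PATH="/usr/local/share/ca-certificates/step-ca.crt"
  install -m 0644 "$TMP_FILE" "$TARGET_PATH"
  echo "Updating CA trust store..."
  update-ca-certificates
elif printf '%s\n' "$OS_ID $OS_LIKE" | grep -Eq 'rhel|centos|rocky|alma'; then
  echo "Installing on RHEL-based system"
  TARGET_PATH="/etc/pki/ca-trust/source/anchors/step-ca.pem"
  install -m 0644 "$TMP_FILE" "$TARGET_PATH"
  echo "Updating CA trust store..."
  update-ca-trust extract
else
  echo "Unsupported operating system (ID=$OS_ID, LIKE=$OS_LIKE)" >&2
  echo "You may need to install the CA manually." >&2
  exit 2
fi

# Post-install check: this request runs WITHOUT -k, so it only succeeds if the
# system trust store now validates the CA's certificate. It proves the anchor
# is installed, not that the anchor is the right one. A failure is reported
# but, as before, does not change the exit status.
echo "Testing connection to $CA_URL ..."
if curl -sSL "$CA_URL" >/dev/null 2>&1; then
  echo "Connection successful — root CA is trusted."
else
  echo "Connection failed — check certificate installation or network configuration." >&2
fi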