Salve ciotoni,
ho scritto un piccolo script comodo per aggiornare il certificato di autistici.
-zen
PS: lanciatelo con sudo o inserite il vostro utente nel gruppo staff (per debian)
====================
#!/bin/bash
CA_TMP_PATH=/tmp/ca
CA_TMP_FILE=$CA_TMP_PATH/autistici.crt
CA_SYS_FILE=/usr/local/share/ca-certificates/autistici-ca.crt
[ -d "/usr/local/share/ca-certificates" ] || {
echo "ERR: please install ca-certificates"
exit 1
}
# For Google Chrome
[ -z "$(which certutil)" ] && {
echo "ERR: please install libnss3-tool"
exit 1
}
echo -n "Downloading certificate: "
[ -d $CA_TMP_PATH ] || mkdir $CA_TMP_PATH
wget -q -O $CA_TMP_FILE http://www.autistici.org/static/certs/ca.crt || {
echo "FAIL"
rm -rf $CA_TMP_PATH
exit 1
}
echo "OK"
echo -n "Verifying certificate: "
CERT_FINGER=$(openssl x509 -in $CA_TMP_FILE -fingerprint -sha256 -noout | cut -d= -f2 | tr -d :)
DNS_FINGER=$(dig +short +dnssec tlsa _443._tcp.autistici.org @8.8.8.8 | awk '/^0/ {print $4 $5}')
[ "$CERT_FINGER" == "$DNS_FINGER" ] || {
echo "FAIL"
rm -rf $CA_TMP_PATH
exit 1
}
echo "OK"
echo -n "Installing certificate: "
cp $CA_TMP_FILE $CA_SYS_FILE
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "autistici/inventati CA" -i $CA_TMP_FILE
echo "OK"
rm -rf $CA_TMP_PATH