2 # Author: Jan Vcelak <jvcelak@redhat.com>
8 CERTDB_DIR=/etc/openldap/certs
12 MODULE_CKBI="$(rpm --eval %{_libdir})/libnssckbi.so"
13 RANDOM_SOURCE=/dev/urandom
19 printf "usage: create-certdb.sh [-d certdb]\n" >&2
23 while getopts "d:" opt; do
34 [ "$OPTIND" -le "$#" ] && usage
36 # verify target location
38 if [ ! -d "$CERTDB_DIR" ]; then
39 printf "Directory '%s' does not exist.\n" "$CERTDB_DIR" >&2
43 if [ ! "$(find "$CERTDB_DIR" -maxdepth 0 -empty | wc -l)" -eq 1 ]; then
44 printf "Directory '%s' is not empty.\n" "$CERTDB_DIR" >&2
50 printf "Creating certificate database in '%s'.\n" "$CERTDB_DIR" >&2
52 PASSWORD_FILE="$CERTDB_DIR/password"
55 dd if=$RANDOM_SOURCE bs=$PASSWORD_BYTES count=1 2>/dev/null | base64 > "$PASSWORD_FILE"
58 certutil -d "$CERTDB_DIR" -N -f "$PASSWORD_FILE" &>/dev/null
60 # load module with builtin CA certificates
62 echo | modutil -dbdir "$CERTDB_DIR" -add "Root Certs" -libfile "$MODULE_CKBI" &>/dev/null
66 for dbfile in "$CERTDB_DIR"/*.db; do