Hello,
I need to install a certificate from my ISP. My ISP is filtering the traffic and requires their certificate to get installed.
I could not find any documentation on this.
Many thanks.
PS The ISP provided a 150 lines long script for different Linux distros, and if relevant I would post it here.
Searching for trust certificate on the forum gives me two recent topics on this:
Are you saying your ISP want you to install their CA root certificate?
I thought it would be helpful and efficient to quote the provided script by my IPS which was written for Debian, Fedora and Arch distros.
Asking for help on how to achieve the following in openSUSE.
Many thanks.
#!/bin/sh
have(){
echo $(command -v $1 2> /dev/null && echo -n $1) 2> /dev/null
}
WGET=$(have wget)
CURL=$(have curl)
APT=$(have apt-get)
APK=$(have apk)
YUM=$(have yum)
PACMAN=$(have pacman)
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color
red() {
printf "${RED}$@${NC}
"
}
green() {
printf "${GREEN}$@${NC}
"
}
install(){
if [ ! -z "$APT" ] ; then
apt-get update
apt-get install -y $1
fi
if ! -z "$APK" ] ; then
apk upgrade
apk add $1
fi
if ! -z "$YUM" ] ; then
yum -y install $1
fi
if ! -z "$PACMAN" ] ; then
yes | pacman -Syu $1
fi
}
download_cert(){
O=
if ! -z "$CURL" ] ; then
O=$(curl http://api.internal.netfree.link/ca/netfree-ca.crt)
else
if -z "$WGET" ] ; then
install wget
fi
O=$(wget -O - http://api.internal.netfree.link/ca/netfree-ca.crt 2> /dev/null) 2> /dev/null
fi
echo "$O"
}
append_file(){
#sh -c 'echo "$1" >> $2'
touch "$2"
echo "$1" | tee -a "$2" > /dev/null
}
set_env(){
E=$1
if ! -f /etc/environment ] || ! grep -q -e "$E" /etc/environment ; then
append_file "$E" /etc/environment
fi
export "$E"
}
CERT=$(download_cert)
CERT1L=$(echo "$CERT" | tr -d \
\\r)
BUNDLE=
if -f /etc/pki/tls/certs/ca-bundle.crt ]; then
BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
fi
if -f /etc/ssl/certs/ca-certificates.crt ]; then
BUNDLE=/etc/ssl/certs/ca-certificates.crt
fi
DIRCA=
if -d /usr/local/share/ca-certificates ]; then
DIRCA=/usr/local/share/ca-certificates
fi
if -d /etc/pki/ca-trust/source/anchors ]; then
DIRCA=/etc/pki/ca-trust/source/anchors
fi
if -d /etc/ca-certificates/trust-source/anchors ]; then
DIRCA=/etc/ca-certificates/trust-source/anchors
fi
if echo "$CERT" | grep -q "BEGIN CERTIFICATE"
then
CERTS1L=$(cat "$BUNDLE" | tr -d \
\\r)
if echo "$CERTS1L" | grep -q -e "$CERT1L"
then
echo "installed"
else
append_file "$CERT" "$BUNDLE"
install ca-certificates
append_file "$CERT" "${DIRCA}/netfree-ca.crt"
update-ca-certificates
update-ca-trust
if ! -z "$APK" ]; then
append_file "$CERT" "$BUNDLE"
fi
bash
ln -s "$BUNDLE" /etc/ca-bundle.crt
# for nodejs
set_env "NODE_EXTRA_CA_CERTS=/etc/ca-bundle.crt"
# for requests python
set_env "REQUESTS_CA_BUNDLE=/etc/ca-bundle.crt"
# for python
set_env "SSL_CERT_FILE=/etc/ca-bundle.crt"
cat /etc/environment
## test
TEST=
if ! -z "$CURL" ] ; then
TEST=$(curl https://test.internal.netfree.link/user/0 2> /dev/null)
else
TEST=$(wget -O - https://test.internal.netfree.link/user/0 2> /dev/null)
fi
if echo "$TEST" | grep -q "userKey" ; then
green "Certificate works successfully"
else
red "Certificate error"
exit 1
fi
fi
else
red "Network not NetFree"
fi
This is explained in the first link you were given. Did you try to read this link? Do you have any specific questions after having read it?
I thought it would be helpful and efficient to quote the provided script
Well, if you cannot spend your own time to read description how to solve your problem, why do you expect someone to waste time trying to understand what some random script does?
Anyway - to install additional trusted CA certificate on openSUSE you need to follow explanation in the first link you were given. As for environment variables this script sets - I do not even know whether they are needed.
Yes, it looks like the intent of the script is to add your ISP’s CA root certificate to your computer’s list of trusted Certificate Authority roots. if you want to actually do this, then just download the CA Root certificate from (presumably) here
https://test.internal.netfree.link/user/0, and then follow the steps in the links provided in marel’s reply.