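#!/bin/bash
# Mercedes-Benz SSL certificate installation script.
# Writes two embedded root CA certificates below ./certs, adds them to the
# operating system trust store and points Python, Node.js, Git, curl, wget
# and NSS-based browsers at them.
#
# Usage: sudo ./<script>   (root is required everywhere except Windows)
#
# NOTE(review): points an operator should confirm before rolling this out:
#   * The trust anchors are embedded in this file. Whoever can edit the script
#     decides what the machine trusts; compare the SHA-256 fingerprints printed
#     during installation with values obtained out-of-band from the PKI owner.
#   * All paths are relative to the current working directory and are written
#     into persistent configuration. If that directory is writable by other
#     users, they can swap the CA file the tools rely on.
#   * The script runs as root, so '~' normally resolves to root's home; the
#     invoking user's ~/.bashrc, ~/.curlrc, ~/.wgetrc and Git config are
#     presumably left untouched - verify on the target system.
#   * SSL_CERT_FILE, REQUESTS_CA_BUNDLE, CURL_CA_BUNDLE, http.sslCAInfo,
#     'cacert' and 'ca_certificate' each name a file holding only
#     mercedes-root-ca.crt. For those tools this replaces the default CA
#     bundle instead of extending it, and daimler-root-ca.crt is not included.
set -euo pipefail

# Output colours
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Emojis for readability
SUCCESS="✅"
ERROR="❌"
WARNING="⚠️"
INFO="ℹ️"
CERT="🔐"
MERCEDES="🏎️"

# Set by detect_os; initialised so that 'set -u' never trips on it.
OS="unknown"

# Logging helper: $1 = coloured prefix, $2 = message.
log() {
  printf '%b\n' "${1} $(date '+%Y-%m-%d %H:%M:%S') - ${2}"
}

log_success() { log "${GREEN}${SUCCESS}${NC}" "$1"; }
log_error() { log "${RED}${ERROR}${NC}" "$1"; }
log_warning() { log "${YELLOW}${WARNING}${NC}" "$1"; }
log_info() { log "${BLUE}${INFO}${NC}" "$1"; }

# Header
printf '%b\n' "${BLUE}${MERCEDES}${NC} Mercedes-Benz SSL-Zertifikat-Installation ${BLUE}${MERCEDES}${NC}"
echo "=================================================================="
echo ""

# Appends $2 as a line to file $1 unless exactly that line is already there,
# so repeated runs do not stack duplicate configuration entries.
append_line_once() {
  local file=$1 line=$2
  if [[ -f "$file" ]] && grep -qxF -- "$line" "$file"; then
    return 0
  fi
  printf '%s\n' "$line" >> "$file"
}

# Prints subject, expiry date and SHA-256 fingerprint of certificate $1 so the
# operator can compare them with out-of-band values. Aborts the script when the
# file does not parse as a certificate, before anything reaches a trust store.
report_cert_identity() {
  local cert=$1 details line
  if ! command -v openssl &> /dev/null; then
    log_warning "OpenSSL nicht gefunden - Zertifikat-Details werden nicht angezeigt"
    return 0
  fi
  if ! details=$(openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256 2>/dev/null); then
    log_error "Zertifikat nicht lesbar: ${cert}"
    exit 1
  fi
  log_info "Zertifikat-Details für ${cert}:"
  while IFS= read -r line; do
    printf '    %s\n' "$line"
  done <<< "$details"
}

# Detect the operating system and store the result in the global OS.
detect_os() {
  if [[ "$OSTYPE" == "linux-gnu"* ]]; then
    # The distribution family is inferred from the package manager on PATH.
    if command -v apt-get &> /dev/null; then
      OS="ubuntu"
    elif command -v yum &> /dev/null; then
      OS="centos"
    elif command -v pacman &> /dev/null; then
      OS="arch"
    else
      OS="linux"
    fi
  elif [[ "$OSTYPE" == "darwin"* ]]; then
    OS="macos"
  elif [[ "$OSTYPE" == "msys" ]] || [[ "$OSTYPE" == "cygwin" ]]; then
    OS="windows"
  else
    OS="unknown"
  fi

  log_info "Erkanntes Betriebssystem: $OS"
}

# Require root privileges (except on Windows).
check_privileges() {
  if [[ "$OS" != "windows" ]] && (( EUID != 0 )); then
    log_error "Dieses Skript muss als Root ausgeführt werden!"
    log_info "Verwenden Sie: sudo $0"
    exit 1
  fi
}

# Create the certificate working directories below the current directory.
create_cert_directories() {
  log_info "Erstelle Zertifikat-Verzeichnisse..."

  mkdir -p certs/mercedes/{root,intermediate,server}
  mkdir -p certs/backup

  log_success "Zertifikat-Verzeichnisse erstellt"
}

# Write the embedded root certificates to certs/mercedes/root.
install_mercedes_root_certs() {
  log_info "${CERT} Installiere Mercedes-Benz Root-Zertifikate..."

  # Mercedes-Benz Corporate Root CA
  # NOTE(review): confirm subject and fingerprint with the PKI owner; the file
  # name alone does not establish which CA this is.
  cat > certs/mercedes/root/mercedes-root-ca.crt << 'EOF'
-----BEGIN CERTIFICATE-----
MIIGOTCCBCGgAwIBAgIQSeiY3h8+WoxNSBg0jOy/ozANBgkqhkiG9w0BAQsFADA9
MQswCQYDVQQGEwJERTETMBEGA1UECgwKRGFpbWxlciBBRzEZMBcGA1UEAwwQQ29y
cC1QcmotUm9vdC1DQTAeFw0yMDA5MzAyMTM0MzlaFw00MDA5MzAyMTM0MzlaMD0x
CzAJBgNVBAYTAkRFMRMwEQYDVQQKDApEYWltbGVyIEFHMRkwFwYDVQQDDBBDb3Jw
LVByai1Sb290LUNBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmwTL
4Pwy4W9yM637BwmYYPle5YErD/lpbmP8b3if+BKmwsWsOz2pRzCNDCPUnZl7xW1e
XrMmmksD6MRXk2vwz/BAXgf5Bc6+ii+q4ia3Tt+voKLZXJej5cXuqoZrGWzdlC5H
bY2SxUwbr7O05CsQzVsGhI+rbGDCUbjfE6NY2s3BbMpjndQYX/9JV+KHg6puZI/o
s1vt/RaOHkuvd9NFmrCdb9A+b0CpMT2K4tQzgNjk30MNfI6DRwHUjxF2l1ZpscHq
28gj4PfWbA9d/kxwuxOOJX4rfihRiwwnUzwF3jD1MlnHu4GTGLBIoke2KUXL0BI9
IrSKvl3DjRZf3XRcAo4IlT8tECaRZloTIVNgACsUmSNtIWn/x6EUKoaLvqZf6BQt
4I+tuMdmIqRkGA+MRuCHbPsjpDBPsQ5Y+r80MF1STode0Peq6gTdYvRbN7KJjbET
uXFjD520LEBRP1YaA99DMmer2e0znhkCffwrkWYQUc1B2yUdyS08UfMIqm8CybWD
lFTE2Taau2xebGlBeipvJ4QkzrR3TZ9CsTb+h38o50F4GHUh5nF0ll0IIS/73XtQ
YSEOaCxCBiEraIxPIg9HRj6yASnA7korzqUb3cmJiqIoLOjoMqZL1NksbEJBranV
QMzY4lNuNHabjwa3P36MoGIkUj334EigoEtqwvMCAwEAAaOCATMwggEvMA4GA1Ud
DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTojU2VKgTmq3j3
JZl7o9WYdlWuHDCB7AYDVR0gBIHkMIHhMIHeBgRVHSAAMIHVMCoGCCsGAQUFBwIB
Fh5odHRwOi8vcGtpLmNvcnBzaGFyZWQubmV0L2Nwcy8wgaYGCCsGAQUFBwICMIGZ
HoGWAEQAYQBpAG0AbABlAHIAIABQAHIAbwBqAGUAYwB0ACAAQwBBACAAQwBlAHIA
dABpAGYAaQBjAGEAdABlACAAUABvAGwAaQBjAHkAIABhAG4AZAAgAEMAZQByAHQA
aQBmAGkAYwBhAHQAaQBvAG4AIABQAHIAYQBjAHQAaQBjAGUAIABTAHQAYQB0AGUA
bQBlAG4AdAAuMA0GCSqGSIb3DQEBCwUAA4ICAQA1/LxktggnmFd7k77Qkub89LpI
26BdNXpozIpc5+uW0W2Q1jJ30PHNEaXGNt2hBA7sXxCYx/+NrrC2RE/8QClZ6kUk
P+AT8W2j0msmh5TpH9TRizDRGFbIlvsLlDRAW2FuTKYL1N7LXFE8oqlqpo6Tl+k9
6yWJwVyZInTwRy0BWAPviA/n2gJuEGTIFi3I494d6YMKIDw5LAvH90ISVNRN7+a3
DBmdVATSQRA9cEsLgDxpDQnOMxNaSIsIKD8DKGwD+m7Kzgwg5Qg9JyC734wJMqu9
wHdZJ1FiTXNkH68dOK2zNGNEsjhUTH058joY2y33dxawJXTkeqDVP2uozC2ruWDs
QUT/AdLcUWa+mrFyDSw0IvrdUmSp3fWW9+Sx3o2uInSSBISkVByg3XvYag+Ibdiy
83Denqi9SVQjzTclfx0XNbjcSoxvRRluegNXuU0P48PZ2/QKZhs0hJ7poQCeUlDe
O8oOGhOOejlouUi0uqOthfS1puqlLIAESjWADyufir1+WcMow7PVUy9+agg9lpgr
aH7+klVjLPiGYUg3CxGv+aO6uYSA089SuhJRrurYuOXuP3VqaoPx0Smbj1JZ1n3D
HlSPGaSVWF06l5gF0dZj1IgrWjljvhfhr8Mfj5aQCiUDWN7YhLzthzlrhSeV8sY7
i9eJKKHKnwWB67iC4g==
-----END CERTIFICATE-----
EOF

  # Daimler AG Root CA
  cat > certs/mercedes/root/daimler-root-ca.crt << 'EOF'
-----BEGIN CERTIFICATE-----
MIIGIjCCBAqgAwIBAgIQHFAzqM8GW6RCGy2VQ1JYBDANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJERTETMBEGA1UECgwKRGFpbWxlciBBRzEYMBYGA1UEAwwPQ29y
cC1Sb290LUNBLUcyMB4XDTE2MTEwMjEzNTE1NFoXDTM2MTEwMjEzNTE1NFowPDEL
MAkGA1UEBhMCREUxEzARBgNVBAoMCkRhaW1sZXIgQUcxGDAWBgNVBAMMD0NvcnAt
Um9vdC1DQS1HMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMJPB4sn
gp25cVIrmOaU+V4ZpCeuzzUJDdHDyd7wPTezjgzpp70s65SgTFtvHV2171OaVaFP
RWl3Tnm2dt4TOzTTf5L6VSn7RcAH3DKZ9hmWpyTZNEdTViLOBMcxYyNWD42oSpvM
hrqhPc19/6G4a2DqX7wWLrMtw8gxZXP6Fu/2Xzgw+Bw0iUo3DUaZu6Qiw+mrAZis
VhrsjrTChj9+sgpva/JLZPAU0UlSRKa+jZL2O5cZY8AL21NFNmR+MbxI/inPcBXO
k803MszGPraZbKk+ZPgyn38O3BwPNZRBzadi5f6XwI9W9K0Ar7rXjUf/OJRL8//1
qqsILdyYYultdv1BldXsN5szPsXrRyOlln0+bmer+k8KDdTekV0Y9aiOTgUIlvhH
D7ocCR7vZulyLtgg0YkMbV3ds2dC7ZNJiGYiR0WY/XaEE7Nn1RuQvJvfRYuotPqU
+Ra2jkqM8BS/CfN/NEL1C6Gki1+Xwgbyp6Y0u9ouuBhuK8hBA8F8XPmtg8j05MSl
/M3zetIhxPf/N6l09oARzRyaTlVj+RiUhX4maKW7CxEsjcY+NsnunfYCTYtrrM0b
L/c3x84B+tlYmJ2P1AEzBDT0DG2rz8qc9CszgcvDzyBOWFav14enWihMXaQglmZK
6atHWUIHG7xU6+URey3fuiERu8bRUWJylnLXAgMBAAGjggEeMIIBGjAOBgNVHQ8B
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjMD1u+au8ZZ5Svfo
uG1K4odr0XQwgdcGA1UdIASBzzCBzDCByQYEVR0gADCBwDArBggrBgEFBQcCARYf
aHR0cDovL3BraS5jb3Jwc2hhcmVkLm5ldC9jcHMvADCBkAYIKwYBBQUHAgIwgYMe
gYAARABhAGkAbQBsAGUAcgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAFAAbwBs
AGkAYwB5ACAAYQBuAGQAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGkAbwBuACAAUABy
AGEAYwB0AGkAYwBlACAAUwB0AGEAdABlAG0AZQBuAHQALjANBgkqhkiG9w0BAQsF
AAOCAgEAO/YuDNU9uPMKlkjTHg7kzs3dtEE2HA/aRD2ko4UDkOf8fSynIv5AcuC2
O//bbcTmFByU7OFx/P6JXIsqXhnw+8HdScZB8RxUwskjbD9qSq2zG+vcL9WRvNw5
5/Igq3xbNMHWLix+h98IV3Rzok6i6btHr9/yvdvDMHlcy7hMfkMhsx9IoXveJLcB
2n0s/JYqkR+eN+zJ7C3sx+W/nAMkwqG3oFAiaKVUmvbRD9eKOssAEQGZi7AgCige
D395CIL+jIZfxrSotTlR5oxx0LabxACEAulL6I5Retnnpsnbc75sQnpMBKFvQO8n
dPTdzNCp7337Qby1fPnrzig4SndSSf/crbPBU3N/tZWKldC3SHmcOhAzBUwMibQC
GsvkPxIqROYFRoKRv5VlsoqSJkb225DTfq1TyP9wHhi80ZllOpHrFkdc+Z6a62O3
sGQNSymxC5xyNMsVd8GidgxbCa1xXHNtTnKTxsbzFvTXgL7GwbJnaf341uP/+sTt
L7i3SsMynWRMQgXIbu8h+zriacnAWoQmxeJ/by/TZUUSNcYxyZWDmIxR3ZIdS2AO
srlDmNt++Q3P0DHpJXOvZKeRoWyTsA8RceRvAoJWjBSBwuW2kThKHqwAOVRwQ2o9
uPU7Ic3wisWJTNmVF7d/QATRL2tVV2HV1+O4aTNl9s8bTKZ4P1w=
-----END CERTIFICATE-----
EOF

  # Show what is about to become a trust anchor and stop if a file is not a
  # parseable certificate.
  report_cert_identity certs/mercedes/root/mercedes-root-ca.crt
  report_cert_identity certs/mercedes/root/daimler-root-ca.crt

  log_success "Mercedes-Benz Root-Zertifikate erstellt"
}

# Add both root certificates to the operating system trust store.
# A failing copy or update command aborts the script through 'set -e'.
update_system_cert_store() {
  log_info "Aktualisiere System-Zertifikatsspeicher..."

  case "$OS" in
    "ubuntu")
      # Ubuntu/Debian
      cp certs/mercedes/root/*.crt /usr/local/share/ca-certificates/
      update-ca-certificates
      ;;
    "centos")
      # CentOS/RHEL
      cp certs/mercedes/root/*.crt /etc/pki/ca-trust/source/anchors/
      update-ca-trust
      ;;
    "arch")
      # Arch Linux
      cp certs/mercedes/root/*.crt /etc/ca-certificates/trust-source/anchors/
      trust extract-compat
      ;;
    "macos")
      # macOS
      local cert
      for cert in certs/mercedes/root/*.crt; do
        security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$cert"
      done
      ;;
    "windows")
      # Windows (via PowerShell)
      powershell.exe -Command "
        Get-ChildItem -Path 'certs/mercedes/root/*.crt' | ForEach-Object {
          Import-Certificate -FilePath \$_.FullName -CertStoreLocation Cert:\\LocalMachine\\Root
        }
      "
      ;;
    *)
      # Nothing was installed, so do not report success afterwards.
      log_warning "Unbekanntes OS - manuelle Installation erforderlich"
      return 0
      ;;
  esac

  log_success "System-Zertifikatsspeicher aktualisiert"
}

# Upgrade certifi and print where Python looks for CA certificates.
# Upgrading certifi does not add the corporate roots to its bundle; Python
# tools pick them up through REQUESTS_CA_BUNDLE / SSL_CERT_FILE instead.
update_python_certs() {
  log_info "Aktualisiere Python-Zertifikate..."

  # Best effort: a failing pip (for example an externally managed Python
  # environment) must not abort the whole installation under 'set -e'.
  if command -v pip3 &> /dev/null; then
    pip3 install --upgrade certifi || log_warning "certifi-Aktualisierung fehlgeschlagen"
  elif command -v pip &> /dev/null; then
    pip install --upgrade certifi || log_warning "certifi-Aktualisierung fehlgeschlagen"
  fi

  # Report the default SSL context and the certifi bundle path.
  python3 -c "
import ssl
import certifi
print(f'Python SSL-Kontext: {ssl.create_default_context().check_hostname}')
print(f'Certifi-Pfad: {certifi.where()}')
" 2>/dev/null || log_warning "Python-Zertifikat-Check fehlgeschlagen"

  log_success "Python-Zertifikate aktualisiert"
}

# Make Node.js trust the corporate root in addition to its built-in CAs.
# The export only affects this process and its children; the persistent
# setting is written by set_environment_variables.
update_nodejs_certs() {
  if command -v node &> /dev/null; then
    log_info "Aktualisiere Node.js-Zertifikate..."

    local node_ca
    node_ca="$(pwd)/certs/mercedes/root/mercedes-root-ca.crt"
    export NODE_EXTRA_CA_CERTS="$node_ca"

    log_success "Node.js-Zertifikate konfiguriert"
  fi
}

# Point Git's global http.sslCAInfo at the corporate root.
# NOTE(review): this file holds a single root, so Git verifies HTTPS remotes
# against that CA only.
configure_git_certs() {
  if command -v git &> /dev/null; then
    log_info "Konfiguriere Git-Zertifikate..."

    git config --global http.sslCAInfo "$(pwd)/certs/mercedes/root/mercedes-root-ca.crt"

    log_success "Git-Zertifikate konfiguriert"
  fi
}

# Set curl's CA bundle in ~/.curlrc (added once, not on every run).
configure_curl_certs() {
  if command -v curl &> /dev/null; then
    log_info "Konfiguriere Curl-Zertifikate..."

    append_line_once ~/.curlrc "cacert = $(pwd)/certs/mercedes/root/mercedes-root-ca.crt"

    log_success "Curl-Zertifikate konfiguriert"
  fi
}

# Set wget's CA certificate in ~/.wgetrc (added once, not on every run).
configure_wget_certs() {
  if command -v wget &> /dev/null; then
    log_info "Konfiguriere Wget-Zertifikate..."

    append_line_once ~/.wgetrc "ca_certificate = $(pwd)/certs/mercedes/root/mercedes-root-ca.crt"

    log_success "Wget-Zertifikate konfiguriert"
  fi
}

# Import the corporate root into the NSS databases used by Chrome/Chromium
# and Firefox. Imports stay best effort, but failures are now reported.
install_browser_certs() {
  log_info "Installiere Browser-Zertifikate..."

  case "$OS" in
    "ubuntu" | "linux")
      # Chrome/Chromium
      if command -v google-chrome &> /dev/null || command -v chromium-browser &> /dev/null; then
        mkdir -p ~/.pki/nssdb
        certutil -A -n "Mercedes-Benz Root CA" -t "C,," \
          -i certs/mercedes/root/mercedes-root-ca.crt -d ~/.pki/nssdb 2>/dev/null \
          || log_warning "Chrome/Chromium-Import fehlgeschlagen (certutil installiert?)"
      fi

      # Firefox
      if command -v firefox &> /dev/null; then
        local firefox_dir=~/.mozilla/firefox
        local firefox_profile=""
        # Under 'set -e' with pipefail, a missing profile directory or a
        # SIGPIPE from 'head' would abort the script; tolerate both.
        if [[ -d "$firefox_dir" ]]; then
          firefox_profile=$(find "$firefox_dir" -name "*.default*" -type d | head -1) || true
        fi
        if [[ -n "$firefox_profile" ]]; then
          certutil -A -n "Mercedes-Benz Root CA" -t "C,," \
            -i certs/mercedes/root/mercedes-root-ca.crt -d "$firefox_profile" 2>/dev/null \
            || log_warning "Firefox-Import fehlgeschlagen (certutil installiert?)"
        fi
      fi
      ;;
    "macos")
      # Safari uses the system keychain (already handled)
      log_info "Safari verwendet System-Keychain"
      ;;
    "windows")
      # Internet Explorer/Edge use the Windows certificate store (already handled)
      log_info "IE/Edge verwenden Windows-Zertifikatsspeicher"
      ;;
  esac

  log_success "Browser-Zertifikate installiert"
}

# Smoke tests after installation. None of them aborts the script.
validate_certificates() {
  log_info "Validiere installierte Zertifikate..."

  # OpenSSL test. Verifying a self-signed root against itself only shows that
  # the file parses and its signature is self-consistent; it says nothing
  # about whether this is the intended CA.
  if command -v openssl &> /dev/null; then
    if openssl verify -CAfile certs/mercedes/root/mercedes-root-ca.crt \
      certs/mercedes/root/mercedes-root-ca.crt &> /dev/null; then
      log_success "OpenSSL-Validierung erfolgreich"
    else
      log_warning "OpenSSL-Validierung fehlgeschlagen"
    fi
  fi

  # Python requests test. The bundle variables exported earlier are in effect
  # here, so the outcome depends on whether the connection is served under
  # the corporate root.
  python3 -c "
import requests
import ssl
try:
    # Test HTTPS-Verbindung
    response = requests.get('https://httpbin.org/get', timeout=10)
    print('✅ Python requests: HTTPS-Verbindung erfolgreich')
except Exception as e:
    print(f'⚠️ Python requests: {e}')
" 2>/dev/null || log_warning "Python requests-Test fehlgeschlagen"

  # curl test
  if command -v curl &> /dev/null; then
    if curl -s --connect-timeout 10 https://httpbin.org/get > /dev/null; then
      log_success "Curl HTTPS-Test erfolgreich"
    else
      log_warning "Curl HTTPS-Test fehlgeschlagen"
    fi
  fi
}

# Back up the existing certificate store before it is modified.
# main calls this before create_cert_directories, so the target directory is
# created here; otherwise every copy fails and used to be reported as success.
create_backup() {
  log_info "Erstelle Backup der ursprünglichen Zertifikate..."

  local stamp
  local result="skipped"
  stamp=$(date +%Y%m%d)
  mkdir -p certs/backup

  case "$OS" in
    "ubuntu")
      if cp -r /etc/ssl/certs "certs/backup/original-certs-${stamp}" 2>/dev/null; then
        result="ok"
      else
        result="failed"
      fi
      ;;
    "centos")
      if cp -r /etc/pki/tls/certs "certs/backup/original-certs-${stamp}" 2>/dev/null; then
        result="ok"
      else
        result="failed"
      fi
      ;;
    "macos")
      if security export -k /Library/Keychains/System.keychain \
        -o "certs/backup/system-keychain-${stamp}.p12" 2>/dev/null; then
        result="ok"
      else
        result="failed"
      fi
      ;;
  esac

  # The backup stays best effort, but the log now reflects what happened.
  case "$result" in
    "ok") log_success "Backup erstellt" ;;
    "failed") log_warning "Backup konnte nicht erstellt werden" ;;
    *) log_info "Kein Backup für dieses Betriebssystem vorgesehen" ;;
  esac
}

# Persist the CA-related environment variables in ~/.bashrc and export them
# for the rest of this run.
set_environment_variables() {
  log_info "Setze Umgebungsvariablen..."

  local ca_dir ca_file
  ca_dir="$(pwd)/certs/mercedes/root"
  ca_file="${ca_dir}/mercedes-root-ca.crt"

  # Append the block only when it is not already present for this path, so
  # repeated runs do not grow ~/.bashrc.
  # NOTE(review): OpenSSL looks up files in SSL_CERT_DIR by subject-hash name;
  # presumably this directory needs hashed links to be of any use - confirm.
  if ! grep -qxF -- "export SSL_CERT_FILE=\"${ca_file}\"" ~/.bashrc 2>/dev/null; then
    cat >> ~/.bashrc << EOF

# Mercedes-Benz SSL-Zertifikat-Konfiguration
export SSL_CERT_FILE="${ca_file}"
export SSL_CERT_DIR="${ca_dir}"
export REQUESTS_CA_BUNDLE="${ca_file}"
export CURL_CA_BUNDLE="${ca_file}"
export NODE_EXTRA_CA_CERTS="${ca_file}"
EOF
  fi

  # For the current session
  export SSL_CERT_FILE="$ca_file"
  export SSL_CERT_DIR="$ca_dir"
  export REQUESTS_CA_BUNDLE="$ca_file"
  export CURL_CA_BUNDLE="$ca_file"
  export NODE_EXTRA_CA_CERTS="$ca_file"

  log_success "Umgebungsvariablen gesetzt"
}

# Main entry point: runs every installation step in order.
main() {
  log_info "Starte Mercedes-Benz Zertifikat-Installation..."

  detect_os
  check_privileges
  create_backup
  create_cert_directories
  install_mercedes_root_certs
  update_system_cert_store
  update_python_certs
  update_nodejs_certs
  configure_git_certs
  configure_curl_certs
  configure_wget_certs
  install_browser_certs
  set_environment_variables
  validate_certificates

  echo ""
  echo "=================================================================="
  log_success "${MERCEDES} Mercedes-Benz Zertifikat-Installation abgeschlossen!"
  echo "=================================================================="
  echo ""
  log_info "Nächste Schritte:"
  echo "  1. Terminal neu starten oder 'source ~/.bashrc' ausführen"
  echo "  2. Anwendungen neu starten für Zertifikat-Erkennung"
  echo "  3. HTTPS-Verbindungen testen"
  echo ""
  log_info "Backup-Verzeichnis: $(pwd)/certs/backup"
  log_info "Zertifikat-Verzeichnis: $(pwd)/certs/mercedes"
}

# Error handling: report an interruption and exit non-zero.
trap 'log_error "Skript wurde unterbrochen"; exit 1' INT TERM

# Run the script
main "$@"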