#!/bin/bash -e
# Generate tomcat keystore from default SSL certificate
# Note: this inithook is not required if Tomcat is proxied via Apache
# 	the tomcat-apache overlay makes it non-executable by default

KEY_TYPE=pkcs12
KEY_PASS=turnkey
KEY_SRC=/etc/ssl/private/cert.pem
KEY_DST=/etc/tomcat10/cert.p12

openssl $KEY_TYPE -export -in $KEY_SRC -out $KEY_DST -passout pass:$KEY_PASS

chown tomcat:tomcat $KEY_DST
