diff options
Diffstat (limited to 'scripts/subca-cmc-sign.sh')
-rwxr-xr-x | scripts/subca-cmc-sign.sh | 74 |
1 files changed, 3 insertions, 71 deletions
diff --git a/scripts/subca-cmc-sign.sh b/scripts/subca-cmc-sign.sh index 9a512ad..42daebd 100755 --- a/scripts/subca-cmc-sign.sh +++ b/scripts/subca-cmc-sign.sh @@ -1,74 +1,6 @@ #!/bin/sh -mkdir -p tmp +#pki cert-show 0x1 --output tmp/external.crt +#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b -cat > tmp/subca-cmc-request.cfg << EOF -# NSS database directory. -dbdir=$HOME/.dogtag/nssdb - -# NSS database password. -password=Secret.123 - -# Token name (default is internal). -tokenname=internal - -# Nickname for agent certificate. -nickname=caadmin - -# Request format: pkcs10 or crmf. -format=pkcs10 - -# Total number of PKCS10/CRMF requests. -numRequests=1 - -# Path to the PKCS10/CRMF request. -# The content must be in Base-64 encoded format. -# Multiple files are supported. They must be separated by space. -input=$PWD/tmp/subca.csr - -# Path for the CMC request in binary format -output=$PWD/tmp/subca-cmc-request.bin -EOF - -CMCRequest tmp/subca-cmc-request.cfg - -cat > tmp/subca-cmc-submit.cfg << EOF -# PKI server host name. -host=$HOSTNAME - -# PKI server port number. -port=8443 - -# Use secure connection. -# For secure connection with ECC, set environment variable 'export NSS_USE_DECODED_CKA_EC_POINT=1'. -secure=true - -# Use client authentication. -clientmode=true - -# NSS database directory. -dbdir=$HOME/.dogtag/nssdb - -# NSS database password. -password=Secret.123 - -# Token name (default: internal). -tokenname=internal - -# Nickname of agent certificate. -nickname=caadmin - -# CMC servlet path -#servlet=/ca/ee/ca/profileSubmitCMCFull -servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCcaCert - -# Path for the CMC request. -input=tmp/subca-cmc-request.bin - -# Path for the CMC response. -output=tmp/subca-cmc-response.bin -EOF - -HttpClient tmp/subca-cmc-submit.cfg - -CMCResponse -i tmp/subca-cmc-response.bin -o tmp/subca.crt +./ca_signing-cmc-sign.sh |