scripts/firefox-certs-import.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

#!/bin/sh -x

user=$1

if [ "$user" == "" ]; then
    home=$HOME
else
    home=/home/$user
fi

echo HOME=$home

SRC_DIR=`cd ../.. ; pwd`

FIREFOX_DIR=$home/.mozilla/firefox
PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`

CA_INSTANCE_NAME=ca-master
KRA_INSTANCE_NAME=kra-master

################################################################################
# Importing CA certificate
################################################################################

CA_CERT_NAME="caSigningCert cert-$CA_INSTANCE_NAME CA"
CA_CERT_DIR=/var/lib/pki/$CA_INSTANCE_NAME/alias

# export CA cert
certutil -L -d $CA_CERT_DIR -n "$CA_CERT_NAME" -a > $CA_CERT_DIR/ca.pem
AtoB $CA_CERT_DIR/ca.pem $CA_CERT_DIR/ca.crt

# import CA cert
certutil -A -d $FIREFOX_DIR/$PROFILE -n "$CA_CERT_NAME" -i $CA_CERT_DIR/ca.pem -t CT,C,C

################################################################################
# Importing server certificate
################################################################################

SERVER_CERT_NAME="Server-Cert cert-$CA_INSTANCE_NAME"

# export server cert
certutil -L -d $CA_CERT_DIR -n "$SERVER_CERT_NAME" -a > $CA_CERT_DIR/server.pem
AtoB $CA_CERT_DIR/server.pem $CA_CERT_DIR/server.crt

# import server cert
certutil -A -d $FIREFOX_DIR/$PROFILE -n "$SERVER_CERT_NAME" -i $CA_CERT_DIR/server.pem -t CT,C,C

################################################################################
# Importing CA admin certificate
################################################################################

CA_CERT_P12=$CA_CERT_DIR/ca_admin_cert.p12

# import CA admin cert
pk12util -i $CA_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123
certutil -M -n caadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE

################################################################################
# Importing KRA admin certificate
################################################################################

KRA_CERT_DIR=/var/lib/pki/$KRA_INSTANCE_NAME/alias
KRA_CERT_P12=$KRA_CERT_DIR/kra_admin_cert.p12

# import KRA admin cert
pk12util -i $KRA_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123
certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE