summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2017-10-20 21:33:30 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-10-20 21:33:30 +0200
commit107e509b488a850e4d424e99f58a937e92e6bdf9 (patch)
treec2e6647e1d6ec4d58eb98c4af31b9b965cf592cd
parent1cbf6fc8c9381f0835530dc0753f7c7af7502d88 (diff)
downloadpki-dev-107e509b488a850e4d424e99f58a937e92e6bdf9.tar.gz
pki-dev-107e509b488a850e4d424e99f58a937e92e6bdf9.tar.xz
pki-dev-107e509b488a850e4d424e99f58a937e92e6bdf9.zip
Updated CMC scripts.
-rwxr-xr-xscripts/sslserver-cmc-sign.sh3
-rwxr-xr-xscripts/subca-cmc-sign.sh74
-rwxr-xr-xscripts/subsystem-cmc-sign.sh3
3 files changed, 78 insertions, 2 deletions
diff --git a/scripts/sslserver-cmc-sign.sh b/scripts/sslserver-cmc-sign.sh
index d7c8fcb..eabe237 100755
--- a/scripts/sslserver-cmc-sign.sh
+++ b/scripts/sslserver-cmc-sign.sh
@@ -59,7 +59,8 @@ tokenname=internal
nickname=caadmin
# CMC servlet path
-servlet=/ca/ee/ca/profileSubmitCMCFullServerCert
+#servlet=/ca/ee/ca/profileSubmitCMCFullServerCert
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCserverCert
# Path for the CMC request.
input=tmp/sslserver-cmc-request.bin
diff --git a/scripts/subca-cmc-sign.sh b/scripts/subca-cmc-sign.sh
new file mode 100755
index 0000000..9a512ad
--- /dev/null
+++ b/scripts/subca-cmc-sign.sh
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+mkdir -p tmp
+
+cat > tmp/subca-cmc-request.cfg << EOF
+# NSS database directory.
+dbdir=$HOME/.dogtag/nssdb
+
+# NSS database password.
+password=Secret.123
+
+# Token name (default is internal).
+tokenname=internal
+
+# Nickname for agent certificate.
+nickname=caadmin
+
+# Request format: pkcs10 or crmf.
+format=pkcs10
+
+# Total number of PKCS10/CRMF requests.
+numRequests=1
+
+# Path to the PKCS10/CRMF request.
+# The content must be in Base-64 encoded format.
+# Multiple files are supported. They must be separated by space.
+input=$PWD/tmp/subca.csr
+
+# Path for the CMC request in binary format
+output=$PWD/tmp/subca-cmc-request.bin
+EOF
+
+CMCRequest tmp/subca-cmc-request.cfg
+
+cat > tmp/subca-cmc-submit.cfg << EOF
+# PKI server host name.
+host=$HOSTNAME
+
+# PKI server port number.
+port=8443
+
+# Use secure connection.
+# For secure connection with ECC, set environment variable 'export NSS_USE_DECODED_CKA_EC_POINT=1'.
+secure=true
+
+# Use client authentication.
+clientmode=true
+
+# NSS database directory.
+dbdir=$HOME/.dogtag/nssdb
+
+# NSS database password.
+password=Secret.123
+
+# Token name (default: internal).
+tokenname=internal
+
+# Nickname of agent certificate.
+nickname=caadmin
+
+# CMC servlet path
+#servlet=/ca/ee/ca/profileSubmitCMCFull
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCcaCert
+
+# Path for the CMC request.
+input=tmp/subca-cmc-request.bin
+
+# Path for the CMC response.
+output=tmp/subca-cmc-response.bin
+EOF
+
+HttpClient tmp/subca-cmc-submit.cfg
+
+CMCResponse -i tmp/subca-cmc-response.bin -o tmp/subca.crt
diff --git a/scripts/subsystem-cmc-sign.sh b/scripts/subsystem-cmc-sign.sh
index 6332501..ccbf176 100755
--- a/scripts/subsystem-cmc-sign.sh
+++ b/scripts/subsystem-cmc-sign.sh
@@ -59,7 +59,8 @@ tokenname=internal
nickname=caadmin
# CMC servlet path
-servlet=/ca/ee/ca/profileSubmitCMCFullSubsystemCert
+#servlet=/ca/ee/ca/profileSubmitCMCFullSubsystemCert
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCsubsystemCert
# Path for the CMC request.
input=tmp/subsystem-cmc-request.bin