author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-01 22:38:52 -0400 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-01 22:38:52 -0400 |
commit | 318e2d96ca495f58cdbcb058a12e0b663aba13b0 (patch) | |
tree | 7c43a2e250557803dd36590e897750420d99efc7 | |
parent | 204e469bd9211f53417f38ba2d6e29eb75a272a5 (diff) | |
Added RA scripts.
-rwxr-xr-x | scripts/ra-configure.sh | 52 | ||||
-rwxr-xr-x | scripts/ra-include.sh | 29 | ||||
-rwxr-xr-x | scripts/ra-reinstall.sh | 4 |
3 files changed, 85 insertions, 0 deletions
diff --git a/scripts/ra-configure.sh b/scripts/ra-configure.sh
new file mode 100755
index 0000000..1f94cbb
--- /dev/null
+++ b/scripts/ra-configure.sh
@@ -0,0 +1,52 @@
+#!/bin/sh -x
+
+. ./ra-include.sh
+
+PIN=`grep preop.pin= $INSTANCE_ROOT/$RA_INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'`
+
+CERTS=$SRC_DIR/pki-dev/certs/ra
+rm -rf $CERTS
+mkdir -p $CERTS
+
+if [ "$RA_SECURE_PORT" == "" ]; then
+ PORT="$RA_ADMIN_SECURE_PORT"
+else
+ PORT="$RA_SECURE_PORT"
+fi
+
+pkisilent ConfigureRA \
+ -cs_hostname $HOSTNAME \
+ -cs_port $PORT \
+ -cs_clientauth_port $PORT \
+ -preop_pin $PIN \
+ -client_certdb_dir "$CERTS" \
+ -client_certdb_pwd "$PASSWORD" \
+ -token_name "internal" \
+ -sd_hostname "$HOSTNAME" \
+ -sd_admin_port 8443 \
+ -sd_ssl_port 8443 \
+ -sd_agent_port 8443 \
+ -sd_admin_name "caadmin" \
+ -sd_admin_password "$PASSWORD" \
+ -domain_name "$REALM" \
+ -subsystem_name "$RA_SUBSYSTEM_NAME" \
+ -key_type rsa \
+ -key_size 2048 \
+ -ra_server_cert_subject_name "$RA_SERVER_CERT_SUBJECT_NAME" \
+ -ra_subsystem_cert_subject_name "$RA_SUBSYSTEM_CERT_SUBJECT_NAME" \
+ -ca_hostname "$HOSTNAME" \
+ -ca_port 8080 \
+ -ca_ssl_port 8443 \
+ -ca_admin_port 8443 \
+ -admin_user "$RA_ADMIN_USER" \
+ -agent_name "$RA_ADMIN_NAME" \
+ -admin_email "$RA_ADMIN_EMAIL" \
+ -admin_password "$RA_ADMIN_PASSWORD" \
+ -agent_key_size 2048 \
+ -agent_key_type rsa \
+ -agent_cert_subject "$RA_ADMIN_CERT_SUBJECT"
+
+echo $PASSWORD > "$CERTS/password.txt"
+PKCS12Export -d "$CERTS" -o "$CERTS/ra-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
+
+systemctl restart pki-rad@$RA_INSTANCE_NAME.service
diff --git a/scripts/ra-include.sh b/scripts/ra-include.sh
new file mode 100755
index 0000000..af83472
--- /dev/null
+++ b/scripts/ra-include.sh
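Review bot: The `-x` on the shebang of scripts/ra-configure.sh traces every command, so the pre-op PIN and `$PASSWORD` passed to `pkisilent` are written to stderr in clear, and `echo $PASSWORD > "$CERTS/password.txt"` creates the password file with whatever permissions the caller's umask allows. I would drop `-x` (or wrap the secret-bearing commands in `set +x` / `set -x`) and create the file as `( umask 077; printf '%s\n' "$PASSWORD" > "$CERTS/password.txt" )`, so the PKCS #12 password sitting next to `ra-client-certs.p12` is not readable by other local users. The same secrets are also visible in the process list as `pkisilent` arguments; whether the tool can take them from a file instead is not visible in this hunk. Separately, `rm -rf $CERTS` is unquoted and `==` inside `[ ]` is not POSIX under `#!/bin/sh`; `rm -rf -- "$CERTS"` and `[ "$RA_SECURE_PORT" = "" ]` would be safer, and the `RA_ADMIN_SECURE_PORT` fallback is not defined anywhere in the ra-include.sh added by this commit.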
@@ -0,0 +1,29 @@
+#!/bin/sh -x
+
+SRC_DIR="`cd ../.. ; pwd`"
+
+DOMAIN="example.com"
+REALM="EXAMPLE-COM"
+PASSWORD="Secret123"
+
+INSTANCE_ROOT="/var/lib"
+INSTANCE_USER="pkiuser"
+INSTANCE_GROUP="pkiuser"
+
+RA_INSTANCE_NAME="pki-ra"
+
+RA_SUBSYSTEM_TYPE="ra"
+RA_SUBSYSTEM_NAME="Registration Authority"
+
+RA_SECURE_PORT="12889"
+RA_NON_CLIENTAUTH_SECURE_PORT="12890"
+RA_UNSECURE_PORT="12888"
+
+RA_SERVER_CERT_SUBJECT_NAME="CN=$HOSTNAME,OU=pki-ra,O=$REALM"
+RA_SUBSYSTEM_CERT_SUBJECT_NAME="CN=RA Subsystem Certificate,OU=pki-ra,O=$REALM"
+
+RA_ADMIN_USER="raadmin"
+RA_ADMIN_NAME="$RA_ADMIN_USER"
+RA_ADMIN_EMAIL="$RA_ADMIN_USER@$DOMAIN"
+RA_ADMIN_PASSWORD="$PASSWORD"
+RA_ADMIN_CERT_SUBJECT="CN=$RA_ADMIN_NAME,UID=$RA_ADMIN_USER,E=$RA_ADMIN_EMAIL,O=$REALM"
diff --git a/scripts/ra-reinstall.sh b/scripts/ra-reinstall.sh
new file mode 100755
index 0000000..a36c149
--- /dev/null
+++ b/scripts/ra-reinstall.sh
@@ -0,0 +1,4 @@
+#!/bin/sh -x
+
+./ra-uninstall.sh
+./ra-install.sh
|
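Review bot: `PASSWORD="Secret123"` in scripts/ra-include.sh is a fixed, committed credential, and through `RA_ADMIN_PASSWORD="$PASSWORD"` and the arguments in ra-configure.sh the same value becomes the client certificate database password, the security-domain admin password and the RA admin password. For a development helper I would at least allow an override with `PASSWORD="${PASSWORD:-Secret123}"` and add a comment such as `# Development default only; do not use on an instance reachable by others.` so the shared default is not carried into a real deployment. `SRC_DIR` is computed as `cd ../.. ; pwd` relative to the caller's working directory and the `cd` result is ignored, so running the scripts from anywhere other than scripts/ points the `rm -rf $CERTS` in ra-configure.sh at a different tree; `cd ../.. && pwd` plus an emptiness check on `SRC_DIR` would make that fail closed.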