diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2017-07-25 05:58:08 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-25 05:58:08 +0200 |
| commit | 39002e1c42d789f6f7cdfaabb1efb5148a7248e6 (patch) | |
| tree | 58f4dbc750ee368694f7c48ef448d25f104d45f0 | |
| parent | be2b41df4a70643a4b84af67d445e37a075f0065 (diff) | |
| download | pki-dev-39002e1c42d789f6f7cdfaabb1efb5148a7248e6.tar.gz pki-dev-39002e1c42d789f6f7cdfaabb1efb5148a7248e6.tar.xz pki-dev-39002e1c42d789f6f7cdfaabb1efb5148a7248e6.zip | |
Updated external CA scripts.
| -rwxr-xr-x | scripts/ca-external-ca-sign.sh | 6 | ||||
| -rwxr-xr-x | scripts/ca-external-cmc-sign.sh | 6 | ||||
| -rwxr-xr-x | scripts/ca-external-nss-sign.sh | 2 | ||||
| -rwxr-xr-x | scripts/ca_signing-ca-sign.sh | 13 | ||||
| -rwxr-xr-x | scripts/ca_signing-cmc-sign.sh | 2 | ||||
| -rwxr-xr-x | scripts/external-ca-sign.sh | 11 |
6 files changed, 26 insertions, 14 deletions
diff --git a/scripts/ca-external-ca-sign.sh b/scripts/ca-external-ca-sign.sh new file mode 100755 index 0000000..b33e470 --- /dev/null +++ b/scripts/ca-external-ca-sign.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +pki cert-show 0x1 --output tmp/external.crt +#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b + +./ca_signing-ca-sign.sh diff --git a/scripts/ca-external-cmc-sign.sh b/scripts/ca-external-cmc-sign.sh new file mode 100755 index 0000000..42daebd --- /dev/null +++ b/scripts/ca-external-cmc-sign.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +#pki cert-show 0x1 --output tmp/external.crt +#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b + +./ca_signing-cmc-sign.sh diff --git a/scripts/ca-external-nss-sign.sh b/scripts/ca-external-nss-sign.sh index b67082c..67682ec 100755 --- a/scripts/ca-external-nss-sign.sh +++ b/scripts/ca-external-nss-sign.sh @@ -53,7 +53,7 @@ echo "## Generating certificate chain..." certutil -A -d tmp/external -n "CA Signing Certificate" -t "CT,C,C" -a -i tmp/ca_signing.crt -openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b +#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b #openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -certfile tmp/ca_signing.crt -out tmp/cert_chain.p7b #certutil -C \ diff --git a/scripts/ca_signing-ca-sign.sh b/scripts/ca_signing-ca-sign.sh new file mode 100755 index 0000000..5dcc9e1 --- /dev/null +++ b/scripts/ca_signing-ca-sign.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +CMD="pki ca-cert-request-submit --profile caCACert --csr-file tmp/ca_signing.csr" +echo $CMD +REQUEST_ID=`$CMD | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CMD="pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID" +echo $CMD +CERT_ID=`$CMD | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output tmp/ca_signing.crt $CERT_ID diff --git a/scripts/ca_signing-cmc-sign.sh b/scripts/ca_signing-cmc-sign.sh index b25c6d9..da58c1b 100755 --- a/scripts/ca_signing-cmc-sign.sh +++ b/scripts/ca_signing-cmc-sign.sh @@ -76,5 +76,3 @@ BtoA tmp/ca_signing-cmc-response.bin tmp/ca_signing-cmc-response.b64 echo "-----BEGIN PKCS7-----" > tmp/ca_signing.crt cat tmp/ca_signing-cmc-response.b64 >> tmp/ca_signing.crt echo "-----END PKCS7-----" >> tmp/ca_signing.crt - -pki cert-show --output tmp/external.crt 0x1 diff --git a/scripts/external-ca-sign.sh b/scripts/external-ca-sign.sh deleted file mode 100755 index efb864f..0000000 --- a/scripts/external-ca-sign.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -REQUEST_ID=`pki ca-cert-request-submit --profile caCACert --csr-file ca_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` -echo Request ID: $REQUEST_ID - -CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` -echo Certificate ID: $CERT_ID - -pki cert-show --output ca_signing.crt $CERT_ID - -pki cert-show --output external.crt 0x1 |