summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2017-07-25 05:58:08 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-07-25 05:58:08 +0200
commit39002e1c42d789f6f7cdfaabb1efb5148a7248e6 (patch)
tree58f4dbc750ee368694f7c48ef448d25f104d45f0
parentbe2b41df4a70643a4b84af67d445e37a075f0065 (diff)
downloadpki-dev-39002e1c42d789f6f7cdfaabb1efb5148a7248e6.zip
pki-dev-39002e1c42d789f6f7cdfaabb1efb5148a7248e6.tar.gz
pki-dev-39002e1c42d789f6f7cdfaabb1efb5148a7248e6.tar.xz
Updated external CA scripts.
-rwxr-xr-xscripts/ca-external-ca-sign.sh6
-rwxr-xr-xscripts/ca-external-cmc-sign.sh6
-rwxr-xr-xscripts/ca-external-nss-sign.sh2
-rwxr-xr-xscripts/ca_signing-ca-sign.sh13
-rwxr-xr-xscripts/ca_signing-cmc-sign.sh2
-rwxr-xr-xscripts/external-ca-sign.sh11
6 files changed, 26 insertions, 14 deletions
diff --git a/scripts/ca-external-ca-sign.sh b/scripts/ca-external-ca-sign.sh
new file mode 100755
index 0000000..b33e470
--- /dev/null
+++ b/scripts/ca-external-ca-sign.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+pki cert-show 0x1 --output tmp/external.crt
+#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b
+
+./ca_signing-ca-sign.sh
diff --git a/scripts/ca-external-cmc-sign.sh b/scripts/ca-external-cmc-sign.sh
new file mode 100755
index 0000000..42daebd
--- /dev/null
+++ b/scripts/ca-external-cmc-sign.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+#pki cert-show 0x1 --output tmp/external.crt
+#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b
+
+./ca_signing-cmc-sign.sh
diff --git a/scripts/ca-external-nss-sign.sh b/scripts/ca-external-nss-sign.sh
index b67082c..67682ec 100755
--- a/scripts/ca-external-nss-sign.sh
+++ b/scripts/ca-external-nss-sign.sh
@@ -53,7 +53,7 @@ echo "## Generating certificate chain..."
certutil -A -d tmp/external -n "CA Signing Certificate" -t "CT,C,C" -a -i tmp/ca_signing.crt
-openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b
+#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b
#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -certfile tmp/ca_signing.crt -out tmp/cert_chain.p7b
#certutil -C \
diff --git a/scripts/ca_signing-ca-sign.sh b/scripts/ca_signing-ca-sign.sh
new file mode 100755
index 0000000..5dcc9e1
--- /dev/null
+++ b/scripts/ca_signing-ca-sign.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+CMD="pki ca-cert-request-submit --profile caCACert --csr-file tmp/ca_signing.csr"
+echo $CMD
+REQUEST_ID=`$CMD | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+echo Request ID: $REQUEST_ID
+
+CMD="pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID"
+echo $CMD
+CERT_ID=`$CMD | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+echo Certificate ID: $CERT_ID
+
+pki cert-show --output tmp/ca_signing.crt $CERT_ID
diff --git a/scripts/ca_signing-cmc-sign.sh b/scripts/ca_signing-cmc-sign.sh
index b25c6d9..da58c1b 100755
--- a/scripts/ca_signing-cmc-sign.sh
+++ b/scripts/ca_signing-cmc-sign.sh
@@ -76,5 +76,3 @@ BtoA tmp/ca_signing-cmc-response.bin tmp/ca_signing-cmc-response.b64
echo "-----BEGIN PKCS7-----" > tmp/ca_signing.crt
cat tmp/ca_signing-cmc-response.b64 >> tmp/ca_signing.crt
echo "-----END PKCS7-----" >> tmp/ca_signing.crt
-
-pki cert-show --output tmp/external.crt 0x1
diff --git a/scripts/external-ca-sign.sh b/scripts/external-ca-sign.sh
deleted file mode 100755
index efb864f..0000000
--- a/scripts/external-ca-sign.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-REQUEST_ID=`pki ca-cert-request-submit --profile caCACert --csr-file ca_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
-echo Request ID: $REQUEST_ID
-
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
-echo Certificate ID: $CERT_ID
-
-pki cert-show --output ca_signing.crt $CERT_ID
-
-pki cert-show --output external.crt 0x1