summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2017-09-14 16:17:43 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-09-14 16:17:43 +0200
commit73d0412f24934d5aa211693f5864daaef20db31f (patch)
tree685855b8a829c5d4735074cafc0d2b9c7ec6a7dc
parent931c891fffd8811ac229728ae8132d72132f20f7 (diff)
downloadpki-dev-73d0412f24934d5aa211693f5864daaef20db31f.tar.gz
pki-dev-73d0412f24934d5aa211693f5864daaef20db31f.tar.xz
pki-dev-73d0412f24934d5aa211693f5864daaef20db31f.zip
Updated KRA scripts.
-rwxr-xr-xscripts/kra-clone-create.sh2
-rwxr-xr-xscripts/kra-create.sh13
-rwxr-xr-xscripts/kra-standalone-step1.sh14
-rwxr-xr-xscripts/kra-standalone-step2.sh22
4 files changed, 33 insertions, 18 deletions
diff --git a/scripts/kra-clone-create.sh b/scripts/kra-clone-create.sh
index 1e3ef38..4d89408 100755
--- a/scripts/kra-clone-create.sh
+++ b/scripts/kra-clone-create.sh
@@ -50,7 +50,7 @@ pki_clone_uri=https://$MASTER:8443
pki_storage_nickname=kra_storage
pki_transport_nickname=kra_transport
pki_audit_signing_nickname=kra_audit_signing
-pki_ssl_server_nickname=sslserver
+pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
EOF
diff --git a/scripts/kra-create.sh b/scripts/kra-create.sh
index 939b7eb..60e0662 100755
--- a/scripts/kra-create.sh
+++ b/scripts/kra-create.sh
@@ -7,11 +7,12 @@ cat > tmp/kra.cfg << EOF
pki_pin=Secret.123
[KRA]
-pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert
#pki_import_admin_cert=False
-#pki_import_admin_pkcs12_file=/root/.dogtag/pki-tomcat/ca_admin_cert.p12
-#pki_import_admin_pkcs12_password=Secret.123
-#pki_import_admin_pkcs12_nickname=caadmin
+
+#pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert
+pki_import_admin_pkcs12_file=/root/.dogtag/pki-tomcat/ca_admin_cert.p12
+pki_import_admin_pkcs12_password=Secret.123
+pki_import_admin_pkcs12_nickname=caadmin
pki_admin_email=kraadmin@example.com
pki_admin_name=kraadmin
@@ -50,10 +51,10 @@ pki_security_domain_password=Secret.123
pki_storage_nickname=kra_storage
pki_transport_nickname=kra_transport
pki_audit_signing_nickname=kra_audit_signing
-pki_ssl_server_nickname=sslserver
+pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
EOF
-pkispawn -vvv -f tmp/kra.cfg -s KRA
+pkispawn -f tmp/kra.cfg -s KRA
#/bin/cp /var/lib/pki/pki-tomcat/alias/kra_backup_keys.p12 .
diff --git a/scripts/kra-standalone-step1.sh b/scripts/kra-standalone-step1.sh
index 1c51931..bfb6c83 100755
--- a/scripts/kra-standalone-step1.sh
+++ b/scripts/kra-standalone-step1.sh
@@ -33,9 +33,10 @@ pki_external_step_two=False
pki_storage_nickname=kra_storage
pki_transport_nickname=kra_transport
pki_audit_signing_nickname=kra_audit_signing
-pki_ssl_server_nickname=sslserver
+pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
-pki_cert_chain_nickname=ca_signing
+#pki_cert_chain_nickname=ca_signing
+#pki_cert_chain_nickname=Root CA Signing Certificate - ROOT
pki_external_admin_csr_path=$PWD/tmp/kra_admin.csr
pki_external_audit_signing_csr_path=$PWD/tmp/kra_audit_signing.csr
@@ -43,6 +44,13 @@ pki_external_sslserver_csr_path=$PWD/tmp/sslserver.csr
pki_external_storage_csr_path=$PWD/tmp/kra_storage.csr
pki_external_subsystem_csr_path=$PWD/tmp/subsystem.csr
pki_external_transport_csr_path=$PWD/tmp/kra_transport.csr
+
+pki_admin_csr_path=$PWD/tmp/kra_admin.csr
+pki_audit_signing_csr_path=$PWD/tmp/kra_audit_signing.csr
+pki_sslserver_csr_path=$PWD/tmp/sslserver.csr
+pki_storage_csr_path=$PWD/tmp/kra_storage.csr
+pki_subsystem_csr_path=$PWD/tmp/subsystem.csr
+pki_transport_csr_path=$PWD/tmp/kra_transport.csr
EOF
-pkispawn -v -f tmp/kra-standalone-step1.cfg -s KRA
+pkispawn -f tmp/kra-standalone-step1.cfg -s KRA -v
diff --git a/scripts/kra-standalone-step2.sh b/scripts/kra-standalone-step2.sh
index f20d8b1..2264d5d 100755
--- a/scripts/kra-standalone-step2.sh
+++ b/scripts/kra-standalone-step2.sh
@@ -2,9 +2,6 @@
mkdir -p tmp
-# TODO: should not be required
-# cp tmp/ca_signing.crt tmp/cert_chain.p7b
-
cat > tmp/kra-standalone-step2.cfg << EOF
[DEFAULT]
pki_pin=Secret.123
@@ -33,21 +30,30 @@ pki_token_password=Secret.123
pki_standalone=True
pki_external_step_two=True
+#pki_cert_chain_nickname=ca_signing
+pki_cert_chain_nickname=Root CA Signing Certificate - ROOT
+#pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b
+pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt
+
pki_storage_nickname=kra_storage
pki_transport_nickname=kra_transport
pki_audit_signing_nickname=kra_audit_signing
-pki_ssl_server_nickname=sslserver
+pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
-pki_cert_chain_nickname=ca_signing
-#pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b
-pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt
pki_external_admin_cert_path=$PWD/tmp/kra_admin.crt
pki_external_storage_cert_path=$PWD/tmp/kra_storage.crt
pki_external_transport_cert_path=$PWD/tmp/kra_transport.crt
pki_external_audit_signing_cert_path=$PWD/tmp/kra_audit_signing.crt
pki_external_sslserver_cert_path=$PWD/tmp/sslserver.crt
pki_external_subsystem_cert_path=$PWD/tmp/subsystem.crt
+
+pki_admin_cert_path=$PWD/tmp/kra_admin.crt
+pki_storage_cert_path=$PWD/tmp/kra_storage.crt
+pki_transport_cert_path=$PWD/tmp/kra_transport.crt
+pki_audit_signing_cert_path=$PWD/tmp/kra_audit_signing.crt
+pki_sslserver_cert_path=$PWD/tmp/sslserver.crt
+pki_subsystem_cert_path=$PWD/tmp/subsystem.crt
EOF
-pkispawn -v -f tmp/kra-standalone-step2.cfg -s KRA
+pkispawn -f tmp/kra-standalone-step2.cfg -s KRA -v