authorEndi S. Dewata <edewata@redhat.com>2017-10-20 21:19:31 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-10-20 21:19:31 +0200
commit8dd424c1f7e4ea2b8a21eb186d2ce7e75588e949 (patch)
tree0ff8a70af8e76b98d6214f68962993a975e8c9af
parent1adf9a0cac7ff5ddebe30db4c380133ff3718b8a (diff)
Updated KRA scripts.
-rwxr-xr-xscripts/kra-create.sh22
-rwxr-xr-xscripts/kra-external-step1.sh60
-rwxr-xr-xscripts/kra-external-step2.sh70
-rwxr-xr-xscripts/kra-remote-create.sh54
-rwxr-xr-xscripts/kra-remote-remove.sh4
-rwxr-xr-xscripts/kra-standalone-step1.sh32
-rwxr-xr-xscripts/kra-standalone-step2.sh36
-rwxr-xr-xscripts/kra_admin-cmc-sign.sh3
-rwxr-xr-xscripts/kra_audit_signing-cmc-sign.sh3
-rwxr-xr-xscripts/kra_storage-cmc-sign.sh3
-rwxr-xr-xscripts/kra_transport-cmc-sign.sh3
11 files changed, 241 insertions, 49 deletions
diff --git a/scripts/kra-create.sh b/scripts/kra-create.sh
index 60e0662..09b9a93 100755
--- a/scripts/kra-create.sh
+++ b/scripts/kra-create.sh
@@ -2,17 +2,26 @@
mkdir -p tmp
+CA_HOSTNAME=`cat tmp/ca.hostname`
+
cat > tmp/kra.cfg << EOF
[DEFAULT]
pki_pin=Secret.123
[KRA]
+#pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert
+
#pki_import_admin_cert=False
+#pki_import_admin_pkcs12_file=/root/.dogtag/pki-tomcat/ca_admin_cert.p12
+#pki_import_admin_pkcs12_password=Secret.123
+#pki_import_admin_pkcs12_nickname=caadmin
-#pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert
-pki_import_admin_pkcs12_file=/root/.dogtag/pki-tomcat/ca_admin_cert.p12
-pki_import_admin_pkcs12_password=Secret.123
-pki_import_admin_pkcs12_nickname=caadmin
+pki_import_admin_cert=False
+pki_admin_email=kraadmin@example.com
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_password=Secret.123
+pki_admin_uid=kraadmin
pki_admin_email=kraadmin@example.com
pki_admin_name=kraadmin
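Review bot: The added `pki_admin_email=kraadmin@example.com` through `pki_admin_uid=kraadmin` lines repeat keys that already follow as unchanged context (`pki_admin_email`, `pki_admin_name`), so the generated `[KRA]` section defines them twice. Depending on how the config parser treats duplicate options, the later value silently wins or the file is rejected, so keep one copy only and drop either the added block or the existing lines below it. The heredoc continues outside this hunk, so the remaining `pki_admin_*` keys may be duplicated as well.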
@@ -36,15 +45,15 @@ pki_client_pkcs12_password=Secret.123
pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
pki_ds_password=Secret.123
-#pki_ds_database=userRoot
-#pki_ds_database=pki
pki_ds_database=kra
#pki_ds_create_new_db=False
#pki_ds_remove_data=False
+pki_security_domain_hostname=$CA_HOSTNAME
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
pki_security_domain_password=Secret.123
+
#pki_token_password=Secret.123
#pki_share_db=False
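Review bot: `pki_security_domain_hostname=$CA_HOSTNAME` is written without checking that the value was actually read. If `tmp/ca.hostname` is missing or empty, the heredoc emits an empty hostname and `pkispawn` still runs against it. The assignment is in the first hunk of this file; I would make it `CA_HOSTNAME=$(cat tmp/ca.hostname) || exit 1` followed by `: "${CA_HOSTNAME:?tmp/ca.hostname is empty}"`. The same unchecked pattern appears in kra-external-step1.sh, kra-external-step2.sh and kra-remote-create.sh.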
@@ -58,3 +67,4 @@ EOF
pkispawn -f tmp/kra.cfg -s KRA
#/bin/cp /var/lib/pki/pki-tomcat/alias/kra_backup_keys.p12 .
+echo $HOSTNAME > tmp/kra.hostname
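Review bot: `echo $HOSTNAME > tmp/kra.hostname` relies on a variable that bash sets but POSIX `sh` does not guarantee, and the expansion is unquoted. This script's shebang is outside the hunk, but the other scripts in this commit use `#!/bin/sh -x`, under which the file could end up holding an empty line. The line also runs when `pkispawn` failed, so later scripts that read `tmp/kra.hostname` would point at a KRA that was never created. I would write `pkispawn -f tmp/kra.cfg -s KRA || exit 1` and then `printf '%s\n' "${HOSTNAME:-$(hostname)}" > tmp/kra.hostname`.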
diff --git a/scripts/kra-external-step1.sh b/scripts/kra-external-step1.sh
new file mode 100755
index 0000000..8c2157f
--- /dev/null
+++ b/scripts/kra-external-step1.sh
@@ -0,0 +1,60 @@
+#!/bin/sh -x
+
+mkdir -p tmp
+
+CA_HOSTNAME=`cat tmp/ca.hostname`
+
+cat > tmp/kra-external-step1.cfg << EOF
+[DEFAULT]
+pki_pin=Secret.123
+
+[KRA]
+pki_admin_email=kraadmin@example.com
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_password=Secret.123
+pki_admin_uid=kraadmin
+
+#pki_backup_keys=True
+#pki_backup_password=Secret.123
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
+pki_ds_password=Secret.123
+pki_ds_database=kra
+
+pki_security_domain_hostname=$CA_HOSTNAME
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_token_password=Secret.123
+
+pki_external=True
+pki_external_step_two=False
+
+pki_storage_nickname=kra_storage
+pki_transport_nickname=kra_transport
+pki_audit_signing_nickname=kra_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem
+
+#pki_external_storage_csr_path=tmp/kra_storage.csr
+#pki_external_transport_csr_path=tmp/kra_transport.csr
+#pki_external_subsystem_csr_path=tmp/subsystem.csr
+#pki_external_sslserver_csr_path=tmp/sslserver.csr
+#pki_external_audit_signing_csr_path=tmp/kra_audit_signing.csr
+#pki_external_admin_csr_path=tmp/kra_admin.csr
+
+pki_storage_csr_path=tmp/kra_storage.csr
+pki_transport_csr_path=tmp/kra_transport.csr
+pki_subsystem_csr_path=tmp/subsystem.csr
+pki_sslserver_csr_path=tmp/sslserver.csr
+pki_audit_signing_csr_path=tmp/kra_audit_signing.csr
+pki_admin_csr_path=tmp/kra_admin.csr
+EOF
+
+pkispawn -f tmp/kra-external-step1.cfg -s KRA
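Review bot: `tmp/kra-external-step1.cfg` holds the admin, directory-server, token and security-domain passwords, yet it is created with the caller's default umask in a relative `tmp/` directory. On a multi-user host that typically leaves the file readable by other local accounts. Adding `umask 077` before `mkdir -p tmp` (or `chmod 600 tmp/kra-external-step1.cfg` right after the heredoc) keeps it private. The same applies to the config files written by kra-external-step2.sh and kra-remote-create.sh. The values here look like sample credentials, but the script is likely to be copied with real ones.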
diff --git a/scripts/kra-external-step2.sh b/scripts/kra-external-step2.sh
new file mode 100755
index 0000000..628986e
--- /dev/null
+++ b/scripts/kra-external-step2.sh
@@ -0,0 +1,70 @@
+#!/bin/sh -x
+
+mkdir -p tmp
+
+CA_HOSTNAME=`cat tmp/ca.hostname`
+
+cat > tmp/kra-external-step2.cfg << EOF
+[DEFAULT]
+pki_pin=Secret.123
+
+[KRA]
+pki_admin_email=kraadmin@example.com
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_password=Secret.123
+pki_admin_uid=kraadmin
+
+#pki_backup_keys=True
+#pki_backup_password=Secret.123
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
+pki_ds_password=Secret.123
+pki_ds_database=kra
+
+pki_security_domain_hostname=$CA_HOSTNAME
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_token_password=Secret.123
+
+pki_external=True
+pki_external_step_two=True
+
+#pki_cert_chain_nickname=External CA
+
+#pki_cert_chain_path=tmp/cert_chain.p7b
+#pki_cert_chain_path=tmp/external.crt
+
+#pki_ca_signing_nickname=ca_signing
+
+#pki_external_ca_signing_cert_path=tmp/ca_signing.crt
+#pki_ca_signing_cert_path=tmp/ca_signing.crt
+
+pki_storage_nickname=kra_storage
+pki_transport_nickname=kra_transport
+pki_audit_signing_nickname=kra_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem
+
+#pki_external_storage_cert_path=tmp/kra_storage.crt
+#pki_external_transport_cert_path=tmp/kra_transport.crt
+#pki_external_subsystem_cert_path=tmp/subsystem.crt
+#pki_external_sslserver_cert_path=tmp/sslserver.crt
+#pki_external_audit_signing_cert_path=tmp/kra_audit_signing.crt
+#pki_external_admin_cert_path=tmp/kra_admin.crt
+
+pki_storage_cert_path=tmp/kra_storage.crt
+pki_transport_cert_path=tmp/kra_transport.crt
+pki_subsystem_cert_path=tmp/subsystem.crt
+pki_sslserver_cert_path=tmp/sslserver.crt
+pki_audit_signing_cert_path=tmp/kra_audit_signing.crt
+pki_admin_cert_path=$PWD/tmp/kra_admin.crt
+EOF
+
+pkispawn -f tmp/kra-external-step2.cfg -s KRA
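Review bot: `pki_admin_cert_path=$PWD/tmp/kra_admin.crt` is absolute while the five `pki_*_cert_path` lines above it are relative (`tmp/kra_storage.crt` etc.). kra-standalone-step2.sh in this same commit switches the admin path to the relative `tmp/kra_admin.crt`. If `pkispawn` resolves relative paths against a directory other than the caller's, only one of the two forms will work, so the file should use one form throughout. If the admin certificate really needs an absolute path, a one-line comment saying why would prevent the next edit from "fixing" it.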
diff --git a/scripts/kra-remote-create.sh b/scripts/kra-remote-create.sh
index a56cb29..90af51f 100755
--- a/scripts/kra-remote-create.sh
+++ b/scripts/kra-remote-create.sh
@@ -1,6 +1,54 @@
#!/bin/sh -x
-cp external.crt /tmp
-cp cert_chain.p7b /tmp
+mkdir -p tmp
-pkispawn -vvv -f kra-remote.cfg -s KRA
+CA_HOSTNAME=`cat tmp/ca.hostname`
+
+#cp external.crt /tmp
+#cp cert_chain.p7b /tmp
+
+cat > tmp/kra.cfg << EOF
+[DEFAULT]
+#pki_instance_name=pki-tomcat
+#pki_http_port=18080
+#pki_https_port=18443
+pki_pin=Secret.123
+
+[Tomcat]
+#pki_ajp_port=18009
+#pki_tomcat_server_port=18005
+
+[KRA]
+#pki_admin_cert_file=ca_admin.cert
+pki_import_admin_cert=False
+pki_admin_email=kraadmin@example.com
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_password=Secret.123
+pki_admin_uid=kraadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
+pki_ds_database=kra
+pki_ds_password=Secret.123
+
+pki_security_domain_hostname=$CA_HOSTNAME
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_token_password=Secret.123
+
+#pki_server_pkcs12_path=pki-server.p12
+#pki_server_pkcs12_password=Secret.123
+
+pki_storage_nickname=kra_storage
+pki_transport_nickname=kra_transport
+pki_audit_signing_nickname=kra_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem
+EOF
+
+pkispawn -vvv -f tmp/kra.cfg -s KRA
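Review bot: This script writes its config to `tmp/kra.cfg`, the same path kra-create.sh uses, so running one overwrites the config left by the other and makes it unclear afterwards which deployment a file describes. The new external scripts use a per-script name (`tmp/kra-external-step1.cfg`), and the removed command referred to `kra-remote.cfg`. I would keep that convention: `cat > tmp/kra-remote.cfg << EOF` and `pkispawn -vvv -f tmp/kra-remote.cfg -s KRA`.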
diff --git a/scripts/kra-remote-remove.sh b/scripts/kra-remote-remove.sh
index c88b3e5..8fa132d 100755
--- a/scripts/kra-remote-remove.sh
+++ b/scripts/kra-remote-remove.sh
@@ -1,4 +1,4 @@
#!/bin/sh -x
-pkidestroy -v -s KRA -i pki-kra
-#pkidestroy -v -s KRA -i pki-kra -u caadmin -W password
+pkidestroy -v -s KRA -i pki-tomcat
+#pkidestroy -v -s KRA -i pki-tomcat -u caadmin -W password
diff --git a/scripts/kra-standalone-step1.sh b/scripts/kra-standalone-step1.sh
index bfb6c83..4db8878 100755
--- a/scripts/kra-standalone-step1.sh
+++ b/scripts/kra-standalone-step1.sh
@@ -35,22 +35,20 @@ pki_transport_nickname=kra_transport
pki_audit_signing_nickname=kra_audit_signing
pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
-#pki_cert_chain_nickname=ca_signing
-#pki_cert_chain_nickname=Root CA Signing Certificate - ROOT
-
-pki_external_admin_csr_path=$PWD/tmp/kra_admin.csr
-pki_external_audit_signing_csr_path=$PWD/tmp/kra_audit_signing.csr
-pki_external_sslserver_csr_path=$PWD/tmp/sslserver.csr
-pki_external_storage_csr_path=$PWD/tmp/kra_storage.csr
-pki_external_subsystem_csr_path=$PWD/tmp/subsystem.csr
-pki_external_transport_csr_path=$PWD/tmp/kra_transport.csr
-
-pki_admin_csr_path=$PWD/tmp/kra_admin.csr
-pki_audit_signing_csr_path=$PWD/tmp/kra_audit_signing.csr
-pki_sslserver_csr_path=$PWD/tmp/sslserver.csr
-pki_storage_csr_path=$PWD/tmp/kra_storage.csr
-pki_subsystem_csr_path=$PWD/tmp/subsystem.csr
-pki_transport_csr_path=$PWD/tmp/kra_transport.csr
+
+#pki_external_storage_csr_path=tmp/kra_storage.csr
+#pki_external_transport_csr_path=tmp/kra_transport.csr
+#pki_external_subsystem_csr_path=tmp/subsystem.csr
+#pki_external_sslserver_csr_path=tmp/sslserver.csr
+#pki_external_audit_signing_csr_path=tmp/kra_audit_signing.csr
+#pki_external_admin_csr_path=tmp/kra_admin.csr
+
+pki_storage_csr_path=tmp/kra_storage.csr
+pki_transport_csr_path=tmp/kra_transport.csr
+pki_subsystem_csr_path=tmp/subsystem.csr
+pki_sslserver_csr_path=tmp/sslserver.csr
+pki_audit_signing_csr_path=tmp/kra_audit_signing.csr
+pki_admin_csr_path=tmp/kra_admin.csr
EOF
-pkispawn -f tmp/kra-standalone-step1.cfg -s KRA -v
+pkispawn -f tmp/kra-standalone-step1.cfg -s KRA
diff --git a/scripts/kra-standalone-step2.sh b/scripts/kra-standalone-step2.sh
index 2264d5d..c678ba9 100755
--- a/scripts/kra-standalone-step2.sh
+++ b/scripts/kra-standalone-step2.sh
@@ -31,9 +31,11 @@ pki_standalone=True
pki_external_step_two=True
#pki_cert_chain_nickname=ca_signing
-pki_cert_chain_nickname=Root CA Signing Certificate - ROOT
-#pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b
-pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt
+#pki_cert_chain_nickname=Root CA Signing Certificate - ROOT
+#pki_external_ca_cert_chain_path=tmp/cert_chain.p7b
+
+#pki_ca_signing_nickname=ca_signing
+#pki_external_ca_cert_path=tmp/ca_signing.crt
pki_storage_nickname=kra_storage
pki_transport_nickname=kra_transport
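Review bot: With `pki_cert_chain_nickname` and `pki_external_ca_cert_path` now commented out, and the new `pki_ca_signing_nickname` added only as a comment, this step-two config no longer names any CA certificate or chain. If that is intentional because the signing certificate is expected to be in the NSS database before this script runs, the heredoc should say so, for example `# CA signing cert must already be imported; uncomment to import from file`. Without that, a reader cannot tell a required precondition from leftover alternatives. The heredoc starts and ends outside this hunk.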
@@ -41,19 +43,19 @@ pki_audit_signing_nickname=kra_audit_signing
pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
-pki_external_admin_cert_path=$PWD/tmp/kra_admin.crt
-pki_external_storage_cert_path=$PWD/tmp/kra_storage.crt
-pki_external_transport_cert_path=$PWD/tmp/kra_transport.crt
-pki_external_audit_signing_cert_path=$PWD/tmp/kra_audit_signing.crt
-pki_external_sslserver_cert_path=$PWD/tmp/sslserver.crt
-pki_external_subsystem_cert_path=$PWD/tmp/subsystem.crt
-
-pki_admin_cert_path=$PWD/tmp/kra_admin.crt
-pki_storage_cert_path=$PWD/tmp/kra_storage.crt
-pki_transport_cert_path=$PWD/tmp/kra_transport.crt
-pki_audit_signing_cert_path=$PWD/tmp/kra_audit_signing.crt
-pki_sslserver_cert_path=$PWD/tmp/sslserver.crt
-pki_subsystem_cert_path=$PWD/tmp/subsystem.crt
+#pki_external_storage_cert_path=tmp/kra_storage.crt
+#pki_external_transport_cert_path=tmp/kra_transport.crt
+#pki_external_subsystem_cert_path=tmp/subsystem.crt
+#pki_external_sslserver_cert_path=tmp/sslserver.crt
+#pki_external_audit_signing_cert_path=tmp/kra_audit_signing.crt
+#pki_external_admin_cert_path=tmp/kra_admin.crt
+
+pki_storage_cert_path=tmp/kra_storage.crt
+pki_transport_cert_path=tmp/kra_transport.crt
+pki_subsystem_cert_path=tmp/subsystem.crt
+pki_sslserver_cert_path=tmp/sslserver.crt
+pki_audit_signing_cert_path=tmp/kra_audit_signing.crt
+pki_admin_cert_path=tmp/kra_admin.crt
EOF
-pkispawn -f tmp/kra-standalone-step2.cfg -s KRA -v
+pkispawn -f tmp/kra-standalone-step2.cfg -s KRA
diff --git a/scripts/kra_admin-cmc-sign.sh b/scripts/kra_admin-cmc-sign.sh
index 1f472c1..b5ce79e 100755
--- a/scripts/kra_admin-cmc-sign.sh
+++ b/scripts/kra_admin-cmc-sign.sh
@@ -59,7 +59,8 @@ tokenname=internal
nickname=caadmin
# CMC servlet path
-servlet=/ca/ee/ca/profileSubmitCMCFull
+#servlet=/ca/ee/ca/profileSubmitCMCFull
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caFullCMCUserSignedCert
# Path for the CMC request.
input=tmp/kra_admin-cmc-request.bin
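Review bot: The admin script selects `profileId=caFullCMCUserSignedCert`, whereas the other three scripts changed in this commit select subsystem-specific profiles (`caCMCauditSigningCert`, `caCMCkraStorageCert`, `caCMCkraTransportCert`). The context line `nickname=caadmin` suggests the request is signed with the CA admin's certificate, while the profile name suggests a request signed by the user's own certificate, so please confirm that the agent-signed profile `caFullCMCUserCert` is not the one intended here. Whichever is correct, a short comment above `servlet=` stating who signs the request would document the trust decision. The commented-out old path can be dropped, since it is preserved in history.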
diff --git a/scripts/kra_audit_signing-cmc-sign.sh b/scripts/kra_audit_signing-cmc-sign.sh
index 5a5bbb5..334f3cd 100755
--- a/scripts/kra_audit_signing-cmc-sign.sh
+++ b/scripts/kra_audit_signing-cmc-sign.sh
@@ -59,7 +59,8 @@ tokenname=internal
nickname=caadmin
# CMC servlet path
-servlet=/ca/ee/ca/profileSubmitCMCFullAuditSigningCert
+#servlet=/ca/ee/ca/profileSubmitCMCFullAuditSigningCert
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCauditSigningCert
# Path for the CMC request.
input=tmp/kra_audit_signing-cmc-request.bin
diff --git a/scripts/kra_storage-cmc-sign.sh b/scripts/kra_storage-cmc-sign.sh
index 298e390..ea9dc93 100755
--- a/scripts/kra_storage-cmc-sign.sh
+++ b/scripts/kra_storage-cmc-sign.sh
@@ -59,7 +59,8 @@ tokenname=internal
nickname=caadmin
# CMC servlet path
-servlet=/ca/ee/ca/profileSubmitCMCFullKRAstorageCert
+#servlet=/ca/ee/ca/profileSubmitCMCFullKRAstorageCert
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCkraStorageCert
# Path for the CMC request.
input=tmp/kra_storage-cmc-request.bin
diff --git a/scripts/kra_transport-cmc-sign.sh b/scripts/kra_transport-cmc-sign.sh
index 1c82f5e..77ff39d 100755
--- a/scripts/kra_transport-cmc-sign.sh
+++ b/scripts/kra_transport-cmc-sign.sh
@@ -59,7 +59,8 @@ tokenname=internal
nickname=caadmin
# CMC servlet path
-servlet=/ca/ee/ca/profileSubmitCMCFullKRAtransportCert
+#servlet=/ca/ee/ca/profileSubmitCMCFullKRAtransportCert
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCkraTransportCert
# Path for the CMC request.
input=tmp/kra_transport-cmc-request.bin