authorEndi Sukma Dewata <edewata@redhat.com>2012-07-30 15:13:05 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-07-31 01:33:55 -0500
commit9ef5dd2e5186ac00c9ed75b5d552f360c5295ce7 (patch)
tree2b5f6eec0d6d969fc9f1ae5b3c1729173bb0a424
parent368bcdb23a9f8eded389681eaffe3680cc7c2b7e (diff)
Added cert request scripts.
-rwxr-xr-xscripts/ca-rebuild.sh5
-rw-r--r--scripts/ca.cfg30
-rwxr-xr-xscripts/cert-request-approve.sh9
-rwxr-xr-xscripts/cert-request-review.sh11
-rwxr-xr-xscripts/cert-request-submit.sh4
-rw-r--r--scripts/cert-request.xml32
6 files changed, 80 insertions, 11 deletions
diff --git a/scripts/ca-rebuild.sh b/scripts/ca-rebuild.sh
index 4a7b086..82a781c 100755
--- a/scripts/ca-rebuild.sh
+++ b/scripts/ca-rebuild.sh
@@ -1,6 +1,6 @@
#!/bin/sh -x
-./certs-remove.sh
+./firefox-certs-remove.sh
./ca-remove.sh
./core-uninstall.sh
./core-remove-rpms.sh
@@ -9,5 +9,4 @@
./core-install.sh
./ca-create.sh
-./ca-configure.sh
-./certs-import.sh
+./firefox-certs-import.sh
diff --git a/scripts/ca.cfg b/scripts/ca.cfg
index c175c6d..c0899e3 100644
--- a/scripts/ca.cfg
+++ b/scripts/ca.cfg
@@ -9,11 +9,13 @@
###############################################################################
[Sensitive]
pki_admin_password=Secret123
-pki_backup_password=
+pki_backup_password=Secret123
+pki_client_database_password=Secret123
pki_client_pkcs12_password=Secret123
pki_clone_pkcs12_password=Secret123
pki_ds_password=Secret123
pki_security_domain_password=Secret123
+pki_token_password=Secret123
###############################################################################
## 'Common' Data: ##
## ##
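Review bot: The three secrets added under `[Sensitive]` (`pki_backup_password`, `pki_client_database_password`, `pki_token_password`) reuse the same literal as every existing entry, in a tracked file with mode 0644. Any instance spawned from this file unchanged therefore has a known password on its NSS token and client database. If the file is meant only for throwaway test instances, say so directly above the section, for example `# TEST ONLY: replace every value in [Sensitive] before using this file outside a lab`. Note also that `pki_backup_password` changes from empty to a fixed value while `pki_backup_keys=False` further down, so the value has no visible use in this configuration.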
@@ -42,8 +44,10 @@ pki_audit_signing_nickname=
pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_subject_dn=
pki_audit_signing_token=
-pki_backup_file=
pki_backup_keys=False
+pki_client_database_dir=
+pki_client_database_purge=False
+pki_client_dir=
pki_ds_base_dn=
pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=
@@ -53,6 +57,7 @@ pki_ds_ldaps_port=636
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
+pki_restart_configured_instance=True
pki_security_domain_hostname=
pki_security_domain_https_port=8443
pki_security_domain_name=EXAMPLE
@@ -69,6 +74,7 @@ pki_subsystem_key_type=rsa
pki_subsystem_nickname=
pki_subsystem_subject_dn=
pki_subsystem_token=
+pki_token_name=internal
pki_user=pkiuser
###############################################################################
## 'Apache' Data: ##
@@ -99,12 +105,16 @@ pki_https_port=443
[Tomcat]
pki_ajp_port=8010
pki_clone=False
+pki_clone_pkcs12_path=
+pki_clone_replication_security=None
+pki_clone_uri=
pki_enable_java_debugger=False
+pki_enable_proxy=False
pki_http_port=8013
pki_https_port=8015
pki_instance_name=pki-master
-pki_proxy_http_port=
-pki_proxy_https_port=
+pki_proxy_http_port=80
+pki_proxy_https_port=443
pki_security_manager=false
pki_tomcat_server_port=8019
###############################################################################
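Review bot: `pki_clone_replication_security=None` is added without a comment. As far as I know, that value means replication between master and clone is not encrypted. It is inert while `pki_clone=False`, but anyone who flips that flag to test cloning inherits cleartext replication without noticing. A line above the key would make the choice visible: `# None = unencrypted replication; set to SSL or TLS when pki_clone=True`. In the same hunk the proxy ports gain the defaults 80/443 while `pki_enable_proxy=False`; a short comment that they are ignored unless the proxy is enabled would avoid confusion.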
@@ -132,6 +142,10 @@ pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=
pki_ca_signing_token=
pki_external=False
+pki_external_ca_cert_chain_path=
+pki_external_ca_cert_path=
+pki_external_csr_path=
+pki_external_step_two=False
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
@@ -142,7 +156,7 @@ pki_ocsp_signing_token=
pki_subordinate=False
pki_subsystem=CA
pki_subsystem_name=
-pki_war_name=ca.war
+pki_war_file=ca.war
###############################################################################
## 'KRA' Data: ##
## ##
@@ -167,7 +181,7 @@ pki_transport_nickname=
pki_transport_signing_algorithm=SHA256withRSA
pki_transport_subject_dn=
pki_transport_token=
-pki_war_name=kra.war
+pki_war_file=kra.war
###############################################################################
## 'OCSP' Data: ##
## ##
@@ -185,7 +199,7 @@ pki_ocsp_signing_subject_dn=
pki_ocsp_signing_token=
pki_subsystem=OCSP
pki_subsystem_name=
-pki_war_name=ocsp.war
+pki_war_file=ocsp.war
###############################################################################
## 'RA' Data: ##
## ##
@@ -205,7 +219,7 @@ pki_subsystem_name=
[TKS]
pki_subsystem=TKS
pki_subsystem_name=
-pki_war_name=tks.war
+pki_war_file=tks.war
###############################################################################
## 'TPS' Data: ##
## ##
diff --git a/scripts/cert-request-approve.sh b/scripts/cert-request-approve.sh
new file mode 100755
index 0000000..dd0413a
--- /dev/null
+++ b/scripts/cert-request-approve.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+INSTANCE_NAME=pki-master
+TEST_DIR=/tmp/${INSTANCE_NAME}_client
+CLIENT_CERT_DIR=$TEST_DIR/alias
+CLIENT_CERT_PASSWORD=`cat $TEST_DIR/password.conf`
+
+# Approve request as an agent
+pki -U https://localhost:8015/ca -d $CLIENT_CERT_DIR -w $CLIENT_CERT_PASSWORD -n admin cert-request-approve cert-request-review.xml
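Review bot: `-w $CLIENT_CERT_PASSWORD` puts the NSS database password on the command line, where other local users can read it from the process list. `TEST_DIR=/tmp/${INSTANCE_NAME}_client` is also a fixed name in a world-writable directory, so the script trusts whatever database and `password.conf` it finds there. The same two lines appear in cert-request-review.sh. Keep the client directory somewhere only the test user can write, or check its ownership before use, and if the pki CLI in this tree can read the password from a file, prefer that over `-w`. At minimum, quote the expansions and stop on a missing file: `CLIENT_CERT_PASSWORD=$(cat "$TEST_DIR/password.conf") || exit 1` and `-d "$CLIENT_CERT_DIR" -w "$CLIENT_CERT_PASSWORD"`.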
diff --git a/scripts/cert-request-review.sh b/scripts/cert-request-review.sh
new file mode 100755
index 0000000..a90be39
--- /dev/null
+++ b/scripts/cert-request-review.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+REQUEST_ID=$1
+
+INSTANCE_NAME=pki-master
+TEST_DIR=/tmp/${INSTANCE_NAME}_client
+CLIENT_CERT_DIR=$TEST_DIR/alias
+CLIENT_CERT_PASSWORD=`cat $TEST_DIR/password.conf`
+
+# Review request as an agent
+pki -U https://localhost:8015/ca -d $CLIENT_CERT_DIR -w $CLIENT_CERT_PASSWORD -n admin cert-request-review $REQUEST_ID --output cert-request-review.xml
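Review bot: `REQUEST_ID=$1` is never checked and is expanded unquoted. Running the script without an argument calls `cert-request-review --output cert-request-review.xml` with no request id, and an argument containing whitespace is split into extra CLI arguments. Add `[ -n "$1" ] || { echo "usage: $0 <request-id>" >&2; exit 1; }` after the shebang and pass `"$REQUEST_ID"` quoted. The output file is written to the current directory and later consumed by cert-request-approve.sh, so a comment saying both scripts must run from the same directory would help.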
diff --git a/scripts/cert-request-submit.sh b/scripts/cert-request-submit.sh
new file mode 100755
index 0000000..8ef8a2d
--- /dev/null
+++ b/scripts/cert-request-submit.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# Submit request anonymously
+pki -U http://localhost:8013/ca cert-request-submit cert-request.xml
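Review bot: The submission goes to `http://localhost:8013/ca`, while the review and approve scripts in this commit use `https://localhost:8015/ca`. Over plain HTTP the CA endpoint is not authenticated, and the request body (subject name, e-mail, requestor details) travels in clear. That is low risk on loopback, but scripts like this tend to be copied with the host name changed. Unless anonymous submission is HTTP-only in this build, use `pki -U https://localhost:8015/ca cert-request-submit cert-request.xml`, or extend the comment to say why HTTP is intended.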
diff --git a/scripts/cert-request.xml b/scripts/cert-request.xml
new file mode 100644
index 0000000..b858f3a
--- /dev/null
+++ b/scripts/cert-request.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<EnrollmentRequest>
+ <profileId>caUserCert</profileId>
+ <isRenewal>false</isRenewal>
+ <Input>
+ <InputAttrs>
+ <InputAttr name="cert_request_type">crmf</InputAttr>
+ <InputAttr name="cert_request">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</InputAttr>
+ </InputAttrs>
+ <inputId>KeyGenInput</inputId>
+ </Input>
+ <Input>
+ <InputAttrs>
+ <InputAttr name="sn_uid">testuser</InputAttr>
+ <InputAttr name="sn_e">testuser@example.com</InputAttr>
+ <InputAttr name="sn_c">US</InputAttr>
+ <InputAttr name="sn_ou">Engineering</InputAttr>
+ <InputAttr name="sn_cn">Test User</InputAttr>
+ <InputAttr name="sn_o">Example</InputAttr>
+ </InputAttrs>
+ <inputId>SubjectNameInput</inputId>
+ </Input>
+ <Input>
+ <InputAttrs>
+ <InputAttr name="requestor_name">admin</InputAttr>
+ <InputAttr name="requestor_email">admin@example.com</InputAttr>
+ <InputAttr name="requestor_phone">123-456-7890</InputAttr>
+ </InputAttrs>
+ <inputId>SubmitterInfoInput</inputId>
+ </Input>
+</EnrollmentRequest>
+