authorEndi Sukma Dewata <edewata@redhat.com>2012-07-27 11:08:04 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-07-27 11:33:44 -0500
commitcc24216c89b276932cec08f8f462962b41abd24f (patch)
tree8b574dd81a9d9ee9238435ccc55edf6498f1f7e9
parent08e99e5721c99db5e5780c0d7eb2dab1a8199778 (diff)
downloadpki-dev-cc24216c89b276932cec08f8f462962b41abd24f.tar.gz
pki-dev-cc24216c89b276932cec08f8f462962b41abd24f.tar.xz
pki-dev-cc24216c89b276932cec08f8f462962b41abd24f.zip
Fixed CA and cert scripts.
-rwxr-xr-xscripts/ca-certs.sh5
-rwxr-xr-xscripts/ca-create.sh46
-rwxr-xr-xscripts/ca-destroy.sh3
-rwxr-xr-xscripts/ca-remove.sh12
-rwxr-xr-xscripts/ca-spawn.sh3
-rw-r--r--scripts/ca.cfg7
-rwxr-xr-xscripts/f17-setup.sh1
-rwxr-xr-xscripts/firefox-certs-import.sh (renamed from scripts/certs-import.sh)6
-rwxr-xr-xscripts/firefox-certs-list.sh (renamed from scripts/certs-list.sh)4
-rwxr-xr-xscripts/firefox-certs-remove.sh (renamed from scripts/certs-remove.sh)1
10 files changed, 24 insertions, 64 deletions
diff --git a/scripts/ca-certs.sh b/scripts/ca-certs.sh
new file mode 100755
index 0000000..a340966
--- /dev/null
+++ b/scripts/ca-certs.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -x
+
+CLIENT_DIR=/tmp/pki-master_client
+
+certutil -L -d $CLIENT_DIR/alias -w `cat $CLIENT_DIR/password.conf`
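Review bot: The `certutil` line expands the contents of `password.conf` onto the command line, and because the shebang is `#!/bin/sh -x` the expanded password is also printed in the trace output and is visible in the process list while the command runs. certutil accepts a password file through `-f`, so if `password.conf` holds only the password (which the `cat` suggests) the line could be `certutil -L -d "$CLIENT_DIR/alias" -f "$CLIENT_DIR/password.conf"`. Separately, `CLIENT_DIR=/tmp/pki-master_client` is a fixed name in a world-writable directory, so the script cannot tell who created the database it reads; the same path is introduced in firefox-certs-import.sh in this commit. Checking ownership and mode of the directory before use, or keeping the client directory under the user's home, would close that gap.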
diff --git a/scripts/ca-create.sh b/scripts/ca-create.sh
index 5b61bcc..b131f3d 100755
--- a/scripts/ca-create.sh
+++ b/scripts/ca-create.sh
@@ -1,47 +1,5 @@
#!/bin/sh -x
-. ./ca-include.sh
+pkispawn -f ca.cfg -s CA -v
-if [ "$CA_SECURE_PORT" == "" ]; then
-
- pkicreate -pki_instance_root=$INSTANCE_ROOT \
- -pki_instance_name=$CA_INSTANCE_NAME \
- -subsystem_type=$CA_SUBSYSTEM_TYPE \
- -agent_secure_port=$CA_AGENT_SECURE_PORT \
- -ee_secure_port=$CA_EE_SECURE_PORT \
- -ee_secure_client_auth_port=$CA_EE_SECURE_CLIENT_AUTH_PORT \
- -admin_secure_port=$CA_ADMIN_SECURE_PORT \
- -unsecure_port=$CA_UNSECURE_PORT \
- -tomcat_server_port=$CA_TOMCAT_SERVER_PORT \
- -user=$INSTANCE_USER \
- -group=$INSTANCE_GROUP \
- -redirect conf=/etc/$CA_INSTANCE_NAME \
- -redirect logs=/var/log/$CA_INSTANCE_NAME \
- -verbose
-
-else
-
- pkicreate -pki_instance_root=$INSTANCE_ROOT \
- -pki_instance_name=$CA_INSTANCE_NAME \
- -subsystem_type=$CA_SUBSYSTEM_TYPE \
- -secure_port=$CA_SECURE_PORT \
- -unsecure_port=$CA_UNSECURE_PORT \
- -tomcat_server_port=$CA_TOMCAT_SERVER_PORT \
- -user=$INSTANCE_USER \
- -group=$INSTANCE_GROUP \
- -redirect conf=/etc/$CA_INSTANCE_NAME \
- -redirect logs=/var/log/$CA_INSTANCE_NAME \
- -verbose
-
-fi
-
-cd $INSTANCE_ROOT/$CA_INSTANCE_NAME
-
-ln -s /usr/share/tomcat6/bin bin
-ln -s /usr/share/tomcat6/lib lib
-rm -f webapps/ca/WEB-INF/lib/pki-*
-
-rm -rf webapps/ca/WEB-INF/classes
-ln -s $SRC_DIR/pki/build/classes webapps/ca/WEB-INF
-
-systemctl restart pki-cad@$CA_INSTANCE_NAME.service
+./ca-restart.sh
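Review bot: The restart on the last line runs even when `pkispawn` fails, because the script has no `set -e` and the exit status is not checked, so a failed spawn is followed by a restart of whatever instance was left behind. Something like `pkispawn -f ca.cfg -s CA -v || exit 1` would stop there. Both `ca.cfg` and `./ca-restart.sh` are resolved against the caller's working directory, so the script only works when run from `scripts/`; a comment saying so, or a `cd "$(dirname "$0")"` at the top, would make that explicit.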
diff --git a/scripts/ca-destroy.sh b/scripts/ca-destroy.sh
deleted file mode 100755
index 0d4d382..0000000
--- a/scripts/ca-destroy.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-pkidestroy -s CA -i pki-master
diff --git a/scripts/ca-remove.sh b/scripts/ca-remove.sh
index 7a42c3d..8394720 100755
--- a/scripts/ca-remove.sh
+++ b/scripts/ca-remove.sh
@@ -1,7 +1,11 @@
#!/bin/sh -x
-. ./ca-include.sh
+INSTANCE_NAME=pki-master
-pkiremove -pki_instance_root=$INSTANCE_ROOT \
- -pki_instance_name=$CA_INSTANCE_NAME \
- -force
+pkidestroy -s CA -i $INSTANCE_NAME
+
+rm -rf /etc/pki/$INSTANCE_NAME
+rm -rf /etc/sysconfig/$INSTANCE_NAME
+rm -rf /etc/sysconfig/pki/tomcat/$INSTANCE_NAME
+rm -rf /var/lib/pki/$INSTANCE_NAME
+rm -rf /var/log/pki/$INSTANCE_NAME
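Review bot: The five `rm -rf` lines build their targets from an unquoted `$INSTANCE_NAME` with no guard, so if the assignment is ever changed to come from the environment or a sourced file and ends up empty, the first line becomes `rm -rf /etc/pki/` and removes the host's whole PKI configuration. Writing each one as `rm -rf -- "/etc/pki/${INSTANCE_NAME:?}"` (and likewise for the other four paths) makes the shell abort instead. The removals also run when `pkidestroy` fails, which can delete the configuration and logs of an instance that is still registered; `pkidestroy -s CA -i "$INSTANCE_NAME" || exit 1` would keep the evidence for debugging.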
diff --git a/scripts/ca-spawn.sh b/scripts/ca-spawn.sh
deleted file mode 100755
index 21ba088..0000000
--- a/scripts/ca-spawn.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-pkispawn -f ca.cfg -s CA
diff --git a/scripts/ca.cfg b/scripts/ca.cfg
index 51d0a33..c175c6d 100644
--- a/scripts/ca.cfg
+++ b/scripts/ca.cfg
@@ -11,8 +11,8 @@
pki_admin_password=Secret123
pki_backup_password=
pki_client_pkcs12_password=Secret123
+pki_clone_pkcs12_password=Secret123
pki_ds_password=Secret123
-pki_pkcs12_password=Secret123
pki_security_domain_password=Secret123
###############################################################################
## 'Common' Data: ##
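Review bot: The added `pki_clone_pkcs12_password=Secret123` puts one more credential with the same well-known literal into a world-readable (mode 644) file under version control, next to the admin, directory-server and security-domain passwords. For a development setup that may be intended, but nothing in the file says so, and the same literal is repeated as `-W Secret123` in firefox-certs-import.sh. I would add a comment above the password block such as `# Development-only credentials: never reuse this file or these values on a shared or production host.` so the file is not copied as a template.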
@@ -31,7 +31,7 @@ pki_admin_dualkey=False
pki_admin_email=
pki_admin_keysize=2048
pki_admin_name=admin
-pki_admin_nickname=
+pki_admin_nickname=admin
pki_admin_subject_dn=
pki_admin_uid=admin
pki_audit_group=pkiaudit
@@ -78,7 +78,7 @@ pki_user=pkiuser
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[Apache]
-pki_instance_name=apache
+pki_instance_name=pki-apache
pki_http_port=80
pki_https_port=443
###############################################################################
@@ -183,7 +183,6 @@ pki_ocsp_signing_nickname=
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=
pki_ocsp_signing_token=
-pki_subordinate=False
pki_subsystem=OCSP
pki_subsystem_name=
pki_war_name=ocsp.war
diff --git a/scripts/f17-setup.sh b/scripts/f17-setup.sh
index 7a669cc..215263a 100755
--- a/scripts/f17-setup.sh
+++ b/scripts/f17-setup.sh
@@ -21,6 +21,7 @@ yum install -y\
snakeyaml\
glassfish-fi\
txw2\
+ tomcat\
jetty-version-maven-plugin\
maven\
maven-checkstyle-plugin\
diff --git a/scripts/certs-import.sh b/scripts/firefox-certs-import.sh
index 6c25805..35b6939 100755
--- a/scripts/certs-import.sh
+++ b/scripts/firefox-certs-import.sh
@@ -5,11 +5,11 @@
FIREFOX_DIR=~/.mozilla/firefox
PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
-input=$SRC_DIR/pki-dev/certs/ca/ca-client-certs.p12
-input=/tmp/pki-master_client/ca_admin_cert.p12
+CLIENT_DIR=/tmp/pki-master_client
+input=$CLIENT_DIR/ca_admin_cert.p12
pk12util -i $input -d $FIREFOX_DIR/$PROFILE -W Secret123
-certutil -M -n $CA_ADMIN_NAME -t u,u,u -d $FIREFOX_DIR/$PROFILE
+certutil -M -n admin -t u,u,u -d $FIREFOX_DIR/$PROFILE
#pk12util -i $SRC_DIR/pki-dev/certs/kra/kra-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123
#certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
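Review bot: The literal `admin` in `certutil -M -n admin` has to match `pki_admin_nickname=admin`, which this commit sets in ca.cfg, and nothing ties the two together; if the nickname in ca.cfg changes, the trust flags are applied to a different or nonexistent entry. A comment on that line such as `# nickname must match pki_admin_nickname in ca.cfg` would document the coupling. `$input` and `$FIREFOX_DIR/$PROFILE` are unquoted, which breaks when `profiles.ini` lists more than one `Path=` entry. The hunk starts at line 5 of the script, so anything set before that is not visible here.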
diff --git a/scripts/certs-list.sh b/scripts/firefox-certs-list.sh
index 4e55245..bb14fb2 100755
--- a/scripts/certs-list.sh
+++ b/scripts/firefox-certs-list.sh
@@ -3,6 +3,4 @@
FIREFOX_DIR=~/.mozilla/firefox
PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
-cd $FIREFOX_DIR/$PROFILE
-
-certutil -L -d .
+certutil -L -d $FIREFOX_DIR/$PROFILE
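Review bot: The new `certutil -L -d $FIREFOX_DIR/$PROFILE` leaves the path unquoted, and `PROFILE` is whatever the `grep Path=` pipeline returns, which is several lines when Firefox has more than one profile and may contain spaces. In that case the value is split into extra arguments and certutil is pointed at the wrong database or fails with a confusing error. Quoting it as `certutil -L -d "$FIREFOX_DIR/$PROFILE"` and exiting with a message when `PROFILE` is empty or multi-line would make the failure obvious.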
diff --git a/scripts/certs-remove.sh b/scripts/firefox-certs-remove.sh
index 97439e1..907e8ed 100755
--- a/scripts/certs-remove.sh
+++ b/scripts/firefox-certs-remove.sh
@@ -7,6 +7,7 @@ PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
cd $FIREFOX_DIR/$PROFILE
+certutil -D -n "admin" -d .
certutil -D -n "$CA_ADMIN_NAME" -d .
certutil -D -n "kraadmin" -d .
certutil -D -n "$CA_SUBSYSTEM_NAME - $REALM" -d .
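Review bot: The added `certutil -D -n "admin" -d .` depends on the unchecked `cd $FIREFOX_DIR/$PROFILE` above it, so when that `cd` fails the deletion runs against a certificate database in whatever directory the script was started from. firefox-certs-list.sh was changed in this same commit to pass the directory explicitly, and the same form fits here: `certutil -D -n "admin" -d "$FIREFOX_DIR/$PROFILE"`, or at least `cd "$FIREFOX_DIR/$PROFILE" || exit 1`. The remaining lines still use `$CA_ADMIN_NAME`, `$CA_SUBSYSTEM_NAME` and `$REALM`; the other scripts in this commit stop sourcing `ca-include.sh`, and the top of this script is outside the hunk, so it is worth confirming those variables are still defined here.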