summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2017-10-20 21:20:39 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-10-20 21:20:39 +0200
commitd0e5507677f62e0f63c87f7f0d817e8225900bef (patch)
tree02af7a02f0b4ec8fe87beefbd17ee22cb68ddc71
parent8dd424c1f7e4ea2b8a21eb186d2ce7e75588e949 (diff)
downloadpki-dev-d0e5507677f62e0f63c87f7f0d817e8225900bef.zip
pki-dev-d0e5507677f62e0f63c87f7f0d817e8225900bef.tar.gz
pki-dev-d0e5507677f62e0f63c87f7f0d817e8225900bef.tar.xz
Updated OCSP scripts.
-rwxr-xr-xscripts/ocsp-external-step1.sh58
-rwxr-xr-xscripts/ocsp-external-step2.sh68
-rwxr-xr-xscripts/ocsp-standalone-step1.sh31
-rwxr-xr-xscripts/ocsp-standalone-step2.sh36
-rwxr-xr-xscripts/ocsp-test.sh9
-rwxr-xr-xscripts/ocsp_admin-cmc-sign.sh3
-rwxr-xr-xscripts/ocsp_audit_signing-cmc-sign.sh3
-rwxr-xr-xscripts/ocsp_signing-cmc-sign.sh3
8 files changed, 175 insertions, 36 deletions
diff --git a/scripts/ocsp-external-step1.sh b/scripts/ocsp-external-step1.sh
new file mode 100755
index 0000000..fd6a3af
--- /dev/null
+++ b/scripts/ocsp-external-step1.sh
@@ -0,0 +1,58 @@
+#!/bin/sh -x
+
+mkdir -p tmp
+
+CA_HOSTNAME=`cat tmp/ca.hostname`
+
+cat > tmp/ocsp-external-step1.cfg << EOF
+[DEFAULT]
+pki_pin=Secret.123
+
+[OCSP]
+pki_admin_email=ocspadmin@example.com
+pki_admin_name=ocspadmin
+pki_admin_nickname=ocspadmin
+pki_admin_password=Secret.123
+pki_admin_uid=ocspadmin
+
+#pki_backup_keys=True
+#pki_backup_password=Secret.123
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ocsp,dc=pki,dc=example,dc=com
+pki_ds_password=Secret.123
+pki_ds_database=ocsp
+
+pki_security_domain_hostname=$CA_HOSTNAME
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_token_password=Secret.123
+
+pki_external=True
+pki_external_step_two=False
+
+pki_ca_signing_nickname=ca_signing
+pki_ocsp_signing_nickname=ocsp_signing
+pki_audit_signing_nickname=ocsp_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem
+
+#pki_external_signing_csr_path=tmp/ocsp_signing.csr
+#pki_external_subsystem_csr_path=tmp/subsystem.csr
+#pki_external_sslserver_csr_path=tmp/sslserver.csr
+#pki_external_admin_csr_path=tmp/ocsp_admin.csr
+#pki_external_audit_signing_csr_path=tmp/ocsp_audit_signing.csr
+
+pki_ocsp_signing_csr_path=tmp/ocsp_signing.csr
+pki_subsystem_csr_path=tmp/subsystem.csr
+pki_sslserver_csr_path=tmp/sslserver.csr
+pki_audit_signing_csr_path=tmp/ocsp_audit_signing.csr
+pki_admin_csr_path=tmp/ocsp_admin.csr
+EOF
+
+pkispawn -f tmp/ocsp-external-step1.cfg -s OCSP
diff --git a/scripts/ocsp-external-step2.sh b/scripts/ocsp-external-step2.sh
new file mode 100755
index 0000000..f93aa1c
--- /dev/null
+++ b/scripts/ocsp-external-step2.sh
@@ -0,0 +1,68 @@
+#!/bin/sh -x
+
+mkdir -p tmp
+
+CA_HOSTNAME=`cat tmp/ca.hostname`
+
+cat > tmp/ocsp-external-step2.cfg << EOF
+[DEFAULT]
+pki_pin=Secret.123
+
+[OCSP]
+pki_admin_email=ocspadmin@example.com
+pki_admin_name=ocspadmin
+pki_admin_nickname=ocspadmin
+pki_admin_password=Secret.123
+pki_admin_uid=ocspadmin
+
+#pki_backup_keys=True
+#pki_backup_password=Secret.123
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ocsp,dc=pki,dc=example,dc=com
+pki_ds_password=Secret.123
+pki_ds_database=ocsp
+
+pki_security_domain_hostname=$CA_HOSTNAME
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_token_password=Secret.123
+
+pki_external=True
+pki_external_step_two=True
+
+#pki_cert_chain_nickname=Root CA Signing Certificate - ROOT
+#pki_cert_chain_nickname=External CA
+
+#pki_cert_chain_path=tmp/cert_chain.p7b
+#pki_cert_chain_path=tmp/external.crt
+
+#pki_ca_signing_nickname=ca_signing
+
+#pki_external_ca_cert_path=tmp/ca_signing.crt
+#pki_ca_signing_cert_path=tmp/ca_signing.crt
+
+pki_ocsp_signing_nickname=ocsp_signing
+pki_audit_signing_nickname=ocsp_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem
+
+#pki_external_signing_cert_path=tmp/ocsp_signing.crt
+#pki_external_subsystem_cert_path=tmp/subsystem.crt
+#pki_external_sslserver_cert_path=tmp/sslserver.crt
+#pki_external_audit_signing_cert_path=tmp/ocsp_audit_signing.crt
+#pki_external_admin_cert_path=tmp/ocsp_admin.crt
+
+pki_ocsp_signing_cert_path=tmp/ocsp_signing.crt
+pki_subsystem_cert_path=tmp/subsystem.crt
+pki_sslserver_cert_path=tmp/sslserver.crt
+pki_audit_signing_cert_path=tmp/ocsp_audit_signing.crt
+pki_admin_cert_path=tmp/ocsp_admin.crt
+EOF
+
+pkispawn -f tmp/ocsp-external-step2.cfg -s OCSP
diff --git a/scripts/ocsp-standalone-step1.sh b/scripts/ocsp-standalone-step1.sh
index 50c284a..4805313 100755
--- a/scripts/ocsp-standalone-step1.sh
+++ b/scripts/ocsp-standalone-step1.sh
@@ -31,22 +31,21 @@ pki_standalone=True
pki_external_step_two=False
pki_ocsp_signing_nickname=ocsp_signing
-pki_audit_signing_nickname=ocsp_audit_signing
-pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
-#pki_cert_chain_nickname=ca_signing
-
-pki_external_admin_csr_path=$PWD/tmp/ocsp_admin.csr
-pki_external_audit_signing_csr_path=$PWD/tmp/ocsp_audit_signing.csr
-pki_external_signing_csr_path=$PWD/tmp/ocsp_signing.csr
-pki_external_sslserver_csr_path=$PWD/tmp/sslserver.csr
-pki_external_subsystem_csr_path=$PWD/tmp/subsystem.csr
-
-pki_admin_csr_path=$PWD/tmp/ocsp_admin.csr
-pki_audit_signing_csr_path=$PWD/tmp/ocsp_audit_signing.csr
-pki_ocsp_signing_csr_path=$PWD/tmp/ocsp_signing.csr
-pki_sslserver_csr_path=$PWD/tmp/sslserver.csr
-pki_subsystem_csr_path=$PWD/tmp/subsystem.csr
+pki_sslserver_nickname=sslserver
+pki_audit_signing_nickname=ocsp_audit_signing
+
+#pki_external_signing_csr_path=tmp/ocsp_signing.csr
+#pki_external_subsystem_csr_path=tmp/subsystem.csr
+#pki_external_sslserver_csr_path=tmp/sslserver.csr
+#pki_external_audit_signing_csr_path=tmp/ocsp_audit_signing.csr
+#pki_external_admin_csr_path=tmp/ocsp_admin.csr
+
+pki_ocsp_signing_csr_path=tmp/ocsp_signing.csr
+pki_subsystem_csr_path=tmp/subsystem.csr
+pki_sslserver_csr_path=tmp/sslserver.csr
+pki_audit_signing_csr_path=tmp/ocsp_audit_signing.csr
+pki_admin_csr_path=tmp/ocsp_admin.csr
EOF
-pkispawn -f tmp/ocsp-standalone-step1.cfg -s OCSP -v
+pkispawn -f tmp/ocsp-standalone-step1.cfg -s OCSP
diff --git a/scripts/ocsp-standalone-step2.sh b/scripts/ocsp-standalone-step2.sh
index 5737ddb..16a4e50 100755
--- a/scripts/ocsp-standalone-step2.sh
+++ b/scripts/ocsp-standalone-step2.sh
@@ -31,26 +31,28 @@ pki_standalone=True
pki_external_step_two=True
#pki_cert_chain_nickname=ca_signing
-pki_cert_chain_nickname=Root CA Signing Certificate - ROOT
-#pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b
-pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt
+#pki_cert_chain_nickname=Root CA Signing Certificate - ROOT
+#pki_external_ca_cert_chain_path=tmp/cert_chain.p7b
+
+#pki_ca_signing_nickname=ca_signing
+#pki_external_ca_cert_path=tmp/ca_signing.crt
pki_ocsp_signing_nickname=ocsp_signing
-pki_audit_signing_nickname=ocsp_audit_signing
-pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
+pki_sslserver_nickname=sslserver
+pki_audit_signing_nickname=ocsp_audit_signing
-pki_external_admin_cert_path=$PWD/tmp/ocsp_admin.crt
-pki_external_signing_cert_path=$PWD/tmp/ocsp_signing.crt
-pki_external_audit_signing_cert_path=$PWD/tmp/ocsp_audit_signing.crt
-pki_external_sslserver_cert_path=$PWD/tmp/sslserver.crt
-pki_external_subsystem_cert_path=$PWD/tmp/subsystem.crt
-
-pki_admin_cert_path=$PWD/tmp/ocsp_admin.crt
-pki_ocsp_signing_cert_path=$PWD/tmp/ocsp_signing.crt
-pki_audit_signing_cert_path=$PWD/tmp/ocsp_audit_signing.crt
-pki_sslserver_cert_path=$PWD/tmp/sslserver.crt
-pki_subsystem_cert_path=$PWD/tmp/subsystem.crt
+#pki_external_signing_cert_path=tmp/ocsp_signing.crt
+#pki_external_subsystem_cert_path=tmp/subsystem.crt
+#pki_external_sslserver_cert_path=tmp/sslserver.crt
+#pki_external_audit_signing_cert_path=tmp/ocsp_audit_signing.crt
+#pki_external_admin_cert_path=tmp/ocsp_admin.crt
+
+pki_ocsp_signing_cert_path=tmp/ocsp_signing.crt
+pki_subsystem_cert_path=tmp/subsystem.crt
+pki_sslserver_cert_path=tmp/sslserver.crt
+pki_audit_signing_cert_path=tmp/ocsp_audit_signing.crt
+pki_admin_cert_path=tmp/ocsp_admin.crt
EOF
-pkispawn -f tmp/ocsp-standalone-step2.cfg -s OCSP -v
+pkispawn -f tmp/ocsp-standalone-step2.cfg -s OCSP
diff --git a/scripts/ocsp-test.sh b/scripts/ocsp-test.sh
new file mode 100755
index 0000000..3069f8e
--- /dev/null
+++ b/scripts/ocsp-test.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+OCSPClient \
+ -d /etc/pki/pki-tomcat/alias \
+ -c "ca_signing" \
+ -h $HOSTNAME \
+ -p 8080 \
+ -t /ocsp/ee/ocsp \
+ --serial 8
diff --git a/scripts/ocsp_admin-cmc-sign.sh b/scripts/ocsp_admin-cmc-sign.sh
index 2e4fb41..afb8b7d 100755
--- a/scripts/ocsp_admin-cmc-sign.sh
+++ b/scripts/ocsp_admin-cmc-sign.sh
@@ -59,7 +59,8 @@ tokenname=internal
nickname=caadmin
# CMC servlet path
-servlet=/ca/ee/ca/profileSubmitCMCFull
+#servlet=/ca/ee/ca/profileSubmitCMCFull
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caFullCMCUserSignedCert
# Path for the CMC request.
input=tmp/ocsp_admin-cmc-request.bin
diff --git a/scripts/ocsp_audit_signing-cmc-sign.sh b/scripts/ocsp_audit_signing-cmc-sign.sh
index f8c657c..5fb01d5 100755
--- a/scripts/ocsp_audit_signing-cmc-sign.sh
+++ b/scripts/ocsp_audit_signing-cmc-sign.sh
@@ -59,7 +59,8 @@ tokenname=internal
nickname=caadmin
# CMC servlet path
-servlet=/ca/ee/ca/profileSubmitCMCFullAuditSigningCert
+#servlet=/ca/ee/ca/profileSubmitCMCFullAuditSigningCert
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCauditSigningCert
# Path for the CMC request.
input=tmp/ocsp_audit_signing-cmc-request.bin
diff --git a/scripts/ocsp_signing-cmc-sign.sh b/scripts/ocsp_signing-cmc-sign.sh
index 685f1a3..ab7e071 100755
--- a/scripts/ocsp_signing-cmc-sign.sh
+++ b/scripts/ocsp_signing-cmc-sign.sh
@@ -59,7 +59,8 @@ tokenname=internal
nickname=caadmin
# CMC servlet path
-servlet=/ca/ee/ca/profileSubmitCMCFullOCSPCert
+#servlet=/ca/ee/ca/profileSubmitCMCFullOCSPCert
+servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCocspCert
# Path for the CMC request.
input=tmp/ocsp_signing-cmc-request.bin