diff options
author | Endi S. Dewata <edewata@redhat.com> | 2017-10-20 21:20:39 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-10-20 21:20:39 +0200 |
commit | d0e5507677f62e0f63c87f7f0d817e8225900bef (patch) | |
tree | 02af7a02f0b4ec8fe87beefbd17ee22cb68ddc71 | |
parent | 8dd424c1f7e4ea2b8a21eb186d2ce7e75588e949 (diff) | |
download | pki-dev-d0e5507677f62e0f63c87f7f0d817e8225900bef.tar.gz pki-dev-d0e5507677f62e0f63c87f7f0d817e8225900bef.tar.xz pki-dev-d0e5507677f62e0f63c87f7f0d817e8225900bef.zip |
Updated OCSP scripts.
-rwxr-xr-x | scripts/ocsp-external-step1.sh | 58 | ||||
-rwxr-xr-x | scripts/ocsp-external-step2.sh | 68 | ||||
-rwxr-xr-x | scripts/ocsp-standalone-step1.sh | 31 | ||||
-rwxr-xr-x | scripts/ocsp-standalone-step2.sh | 36 | ||||
-rwxr-xr-x | scripts/ocsp-test.sh | 9 | ||||
-rwxr-xr-x | scripts/ocsp_admin-cmc-sign.sh | 3 | ||||
-rwxr-xr-x | scripts/ocsp_audit_signing-cmc-sign.sh | 3 | ||||
-rwxr-xr-x | scripts/ocsp_signing-cmc-sign.sh | 3 |
8 files changed, 175 insertions, 36 deletions
diff --git a/scripts/ocsp-external-step1.sh b/scripts/ocsp-external-step1.sh new file mode 100755 index 0000000..fd6a3af --- /dev/null +++ b/scripts/ocsp-external-step1.sh @@ -0,0 +1,58 @@ +#!/bin/sh -x + +mkdir -p tmp + +CA_HOSTNAME=`cat tmp/ca.hostname` + +cat > tmp/ocsp-external-step1.cfg << EOF +[DEFAULT] +pki_pin=Secret.123 + +[OCSP] +pki_admin_email=ocspadmin@example.com +pki_admin_name=ocspadmin +pki_admin_nickname=ocspadmin +pki_admin_password=Secret.123 +pki_admin_uid=ocspadmin + +#pki_backup_keys=True +#pki_backup_password=Secret.123 + +pki_client_database_password=Secret.123 +pki_client_database_purge=False +pki_client_pkcs12_password=Secret.123 + +pki_ds_base_dn=dc=ocsp,dc=pki,dc=example,dc=com +pki_ds_password=Secret.123 +pki_ds_database=ocsp + +pki_security_domain_hostname=$CA_HOSTNAME +pki_security_domain_name=EXAMPLE +pki_security_domain_user=caadmin +pki_security_domain_password=Secret.123 + +pki_token_password=Secret.123 + +pki_external=True +pki_external_step_two=False + +pki_ca_signing_nickname=ca_signing +pki_ocsp_signing_nickname=ocsp_signing +pki_audit_signing_nickname=ocsp_audit_signing +pki_sslserver_nickname=sslserver +pki_subsystem_nickname=subsystem + +#pki_external_signing_csr_path=tmp/ocsp_signing.csr +#pki_external_subsystem_csr_path=tmp/subsystem.csr +#pki_external_sslserver_csr_path=tmp/sslserver.csr +#pki_external_admin_csr_path=tmp/ocsp_admin.csr +#pki_external_audit_signing_csr_path=tmp/ocsp_audit_signing.csr + +pki_ocsp_signing_csr_path=tmp/ocsp_signing.csr +pki_subsystem_csr_path=tmp/subsystem.csr +pki_sslserver_csr_path=tmp/sslserver.csr +pki_audit_signing_csr_path=tmp/ocsp_audit_signing.csr +pki_admin_csr_path=tmp/ocsp_admin.csr +EOF + +pkispawn -f tmp/ocsp-external-step1.cfg -s OCSP diff --git a/scripts/ocsp-external-step2.sh b/scripts/ocsp-external-step2.sh new file mode 100755 index 0000000..f93aa1c --- /dev/null +++ b/scripts/ocsp-external-step2.sh @@ -0,0 +1,68 @@ +#!/bin/sh -x + +mkdir -p tmp + +CA_HOSTNAME=`cat tmp/ca.hostname` + +cat > tmp/ocsp-external-step2.cfg << EOF +[DEFAULT] +pki_pin=Secret.123 + +[OCSP] +pki_admin_email=ocspadmin@example.com +pki_admin_name=ocspadmin +pki_admin_nickname=ocspadmin +pki_admin_password=Secret.123 +pki_admin_uid=ocspadmin + +#pki_backup_keys=True +#pki_backup_password=Secret.123 + +pki_client_database_password=Secret.123 +pki_client_database_purge=False +pki_client_pkcs12_password=Secret.123 + +pki_ds_base_dn=dc=ocsp,dc=pki,dc=example,dc=com +pki_ds_password=Secret.123 +pki_ds_database=ocsp + +pki_security_domain_hostname=$CA_HOSTNAME +pki_security_domain_name=EXAMPLE +pki_security_domain_user=caadmin +pki_security_domain_password=Secret.123 + +pki_token_password=Secret.123 + +pki_external=True +pki_external_step_two=True + +#pki_cert_chain_nickname=Root CA Signing Certificate - ROOT +#pki_cert_chain_nickname=External CA + +#pki_cert_chain_path=tmp/cert_chain.p7b +#pki_cert_chain_path=tmp/external.crt + +#pki_ca_signing_nickname=ca_signing + +#pki_external_ca_cert_path=tmp/ca_signing.crt +#pki_ca_signing_cert_path=tmp/ca_signing.crt + +pki_ocsp_signing_nickname=ocsp_signing +pki_audit_signing_nickname=ocsp_audit_signing +pki_sslserver_nickname=sslserver +pki_subsystem_nickname=subsystem + +#pki_external_signing_cert_path=tmp/ocsp_signing.crt +#pki_external_subsystem_cert_path=tmp/subsystem.crt +#pki_external_sslserver_cert_path=tmp/sslserver.crt +#pki_external_audit_signing_cert_path=tmp/ocsp_audit_signing.crt +#pki_external_admin_cert_path=tmp/ocsp_admin.crt + +pki_ocsp_signing_cert_path=tmp/ocsp_signing.crt +pki_subsystem_cert_path=tmp/subsystem.crt +pki_sslserver_cert_path=tmp/sslserver.crt +pki_audit_signing_cert_path=tmp/ocsp_audit_signing.crt +pki_admin_cert_path=tmp/ocsp_admin.crt +EOF + +pkispawn -f tmp/ocsp-external-step2.cfg -s OCSP diff --git a/scripts/ocsp-standalone-step1.sh b/scripts/ocsp-standalone-step1.sh index 50c284a..4805313 100755 --- a/scripts/ocsp-standalone-step1.sh +++ b/scripts/ocsp-standalone-step1.sh @@ -31,22 +31,21 @@ pki_standalone=True pki_external_step_two=False pki_ocsp_signing_nickname=ocsp_signing -pki_audit_signing_nickname=ocsp_audit_signing -pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem -#pki_cert_chain_nickname=ca_signing - -pki_external_admin_csr_path=$PWD/tmp/ocsp_admin.csr -pki_external_audit_signing_csr_path=$PWD/tmp/ocsp_audit_signing.csr -pki_external_signing_csr_path=$PWD/tmp/ocsp_signing.csr -pki_external_sslserver_csr_path=$PWD/tmp/sslserver.csr -pki_external_subsystem_csr_path=$PWD/tmp/subsystem.csr - -pki_admin_csr_path=$PWD/tmp/ocsp_admin.csr -pki_audit_signing_csr_path=$PWD/tmp/ocsp_audit_signing.csr -pki_ocsp_signing_csr_path=$PWD/tmp/ocsp_signing.csr -pki_sslserver_csr_path=$PWD/tmp/sslserver.csr -pki_subsystem_csr_path=$PWD/tmp/subsystem.csr +pki_sslserver_nickname=sslserver +pki_audit_signing_nickname=ocsp_audit_signing + +#pki_external_signing_csr_path=tmp/ocsp_signing.csr +#pki_external_subsystem_csr_path=tmp/subsystem.csr +#pki_external_sslserver_csr_path=tmp/sslserver.csr +#pki_external_audit_signing_csr_path=tmp/ocsp_audit_signing.csr +#pki_external_admin_csr_path=tmp/ocsp_admin.csr + +pki_ocsp_signing_csr_path=tmp/ocsp_signing.csr +pki_subsystem_csr_path=tmp/subsystem.csr +pki_sslserver_csr_path=tmp/sslserver.csr +pki_audit_signing_csr_path=tmp/ocsp_audit_signing.csr +pki_admin_csr_path=tmp/ocsp_admin.csr EOF -pkispawn -f tmp/ocsp-standalone-step1.cfg -s OCSP -v +pkispawn -f tmp/ocsp-standalone-step1.cfg -s OCSP diff --git a/scripts/ocsp-standalone-step2.sh b/scripts/ocsp-standalone-step2.sh index 5737ddb..16a4e50 100755 --- a/scripts/ocsp-standalone-step2.sh +++ b/scripts/ocsp-standalone-step2.sh @@ -31,26 +31,28 @@ pki_standalone=True pki_external_step_two=True #pki_cert_chain_nickname=ca_signing -pki_cert_chain_nickname=Root CA Signing Certificate - ROOT -#pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b -pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt +#pki_cert_chain_nickname=Root CA Signing Certificate - ROOT +#pki_external_ca_cert_chain_path=tmp/cert_chain.p7b + +#pki_ca_signing_nickname=ca_signing +#pki_external_ca_cert_path=tmp/ca_signing.crt pki_ocsp_signing_nickname=ocsp_signing -pki_audit_signing_nickname=ocsp_audit_signing -pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem +pki_sslserver_nickname=sslserver +pki_audit_signing_nickname=ocsp_audit_signing -pki_external_admin_cert_path=$PWD/tmp/ocsp_admin.crt -pki_external_signing_cert_path=$PWD/tmp/ocsp_signing.crt -pki_external_audit_signing_cert_path=$PWD/tmp/ocsp_audit_signing.crt -pki_external_sslserver_cert_path=$PWD/tmp/sslserver.crt -pki_external_subsystem_cert_path=$PWD/tmp/subsystem.crt - -pki_admin_cert_path=$PWD/tmp/ocsp_admin.crt -pki_ocsp_signing_cert_path=$PWD/tmp/ocsp_signing.crt -pki_audit_signing_cert_path=$PWD/tmp/ocsp_audit_signing.crt -pki_sslserver_cert_path=$PWD/tmp/sslserver.crt -pki_subsystem_cert_path=$PWD/tmp/subsystem.crt +#pki_external_signing_cert_path=tmp/ocsp_signing.crt +#pki_external_subsystem_cert_path=tmp/subsystem.crt +#pki_external_sslserver_cert_path=tmp/sslserver.crt +#pki_external_audit_signing_cert_path=tmp/ocsp_audit_signing.crt +#pki_external_admin_cert_path=tmp/ocsp_admin.crt + +pki_ocsp_signing_cert_path=tmp/ocsp_signing.crt +pki_subsystem_cert_path=tmp/subsystem.crt +pki_sslserver_cert_path=tmp/sslserver.crt +pki_audit_signing_cert_path=tmp/ocsp_audit_signing.crt +pki_admin_cert_path=tmp/ocsp_admin.crt EOF -pkispawn -f tmp/ocsp-standalone-step2.cfg -s OCSP -v +pkispawn -f tmp/ocsp-standalone-step2.cfg -s OCSP diff --git a/scripts/ocsp-test.sh b/scripts/ocsp-test.sh new file mode 100755 index 0000000..3069f8e --- /dev/null +++ b/scripts/ocsp-test.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +OCSPClient \ + -d /etc/pki/pki-tomcat/alias \ + -c "ca_signing" \ + -h $HOSTNAME \ + -p 8080 \ + -t /ocsp/ee/ocsp \ + --serial 8 diff --git a/scripts/ocsp_admin-cmc-sign.sh b/scripts/ocsp_admin-cmc-sign.sh index 2e4fb41..afb8b7d 100755 --- a/scripts/ocsp_admin-cmc-sign.sh +++ b/scripts/ocsp_admin-cmc-sign.sh @@ -59,7 +59,8 @@ tokenname=internal nickname=caadmin # CMC servlet path -servlet=/ca/ee/ca/profileSubmitCMCFull +#servlet=/ca/ee/ca/profileSubmitCMCFull +servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caFullCMCUserSignedCert # Path for the CMC request. input=tmp/ocsp_admin-cmc-request.bin diff --git a/scripts/ocsp_audit_signing-cmc-sign.sh b/scripts/ocsp_audit_signing-cmc-sign.sh index f8c657c..5fb01d5 100755 --- a/scripts/ocsp_audit_signing-cmc-sign.sh +++ b/scripts/ocsp_audit_signing-cmc-sign.sh @@ -59,7 +59,8 @@ tokenname=internal nickname=caadmin # CMC servlet path -servlet=/ca/ee/ca/profileSubmitCMCFullAuditSigningCert +#servlet=/ca/ee/ca/profileSubmitCMCFullAuditSigningCert +servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCauditSigningCert # Path for the CMC request. input=tmp/ocsp_audit_signing-cmc-request.bin diff --git a/scripts/ocsp_signing-cmc-sign.sh b/scripts/ocsp_signing-cmc-sign.sh index 685f1a3..ab7e071 100755 --- a/scripts/ocsp_signing-cmc-sign.sh +++ b/scripts/ocsp_signing-cmc-sign.sh @@ -59,7 +59,8 @@ tokenname=internal nickname=caadmin # CMC servlet path -servlet=/ca/ee/ca/profileSubmitCMCFullOCSPCert +#servlet=/ca/ee/ca/profileSubmitCMCFullOCSPCert +servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCocspCert # Path for the CMC request. input=tmp/ocsp_signing-cmc-request.bin |