authorEndi Sukma Dewata <edewata@redhat.com>2012-08-14 13:01:52 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-08-14 13:01:52 -0500
commit974bef147801d25026bafd3ebaf44012d4867294 (patch)
treeb3a2c33c907dfb7b877fc26f8a452e11d587e39d /dogtag-9
parentd3740e5c85aa27bbdcb96ef58a5de20b87eb3709 (diff)
Added other scripts for Dogtag 9.
Diffstat (limited to 'dogtag-9')
-rwxr-xr-xdogtag-9/ca-configure.sh56
-rwxr-xr-xdogtag-9/ca-console.sh3
-rwxr-xr-xdogtag-9/ca-create.sh47
-rwxr-xr-xdogtag-9/ca-include.sh43
-rwxr-xr-xdogtag-9/ca-remove.sh7
-rwxr-xr-xdogtag-9/ca-restart.sh3
-rwxr-xr-xdogtag-9/ca-start.sh3
-rwxr-xr-xdogtag-9/ca-stop.sh3
-rwxr-xr-xdogtag-9/console-build.sh21
-rwxr-xr-xdogtag-9/console-compile.sh24
-rwxr-xr-xdogtag-9/console-install.sh9
-rwxr-xr-xdogtag-9/console-rebuild.sh6
-rwxr-xr-xdogtag-9/console-reinstall.sh4
-rwxr-xr-xdogtag-9/console-uninstall.sh3
-rwxr-xr-xdogtag-9/core-rebuild.sh6
-rwxr-xr-xdogtag-9/ds-create.sh11
-rwxr-xr-xdogtag-9/ds-install.sh15
-rwxr-xr-xdogtag-9/ds-remove.sh3
-rwxr-xr-xdogtag-9/ds-restart.sh3
-rwxr-xr-xdogtag-9/ds-start.sh3
-rwxr-xr-xdogtag-9/ds-status.sh3
-rwxr-xr-xdogtag-9/ds-stop.sh3
-rwxr-xr-xdogtag-9/ds-uninstall.sh17
-rwxr-xr-xdogtag-9/firefox-certs-import.sh12
-rwxr-xr-xdogtag-9/firefox-certs-remove.sh15
-rwxr-xr-xdogtag-9/firefox-certs.sh8
-rwxr-xr-xdogtag-9/kra-configure.sh60
-rwxr-xr-xdogtag-9/kra-console.sh3
-rwxr-xr-xdogtag-9/kra-create.sh29
-rwxr-xr-xdogtag-9/kra-remove.sh7
-rwxr-xr-xdogtag-9/kra-restart.sh3
-rwxr-xr-xdogtag-9/kra-start.sh3
-rwxr-xr-xdogtag-9/kra-stop.sh3
33 files changed, 439 insertions, 0 deletions
diff --git a/dogtag-9/ca-configure.sh b/dogtag-9/ca-configure.sh
new file mode 100755
index 0000000..2f1257e
--- /dev/null
+++ b/dogtag-9/ca-configure.sh
@@ -0,0 +1,56 @@
+#!/bin/sh -x
+
+. ./ca-include.sh
+
+PIN=`grep preop.pin= $INSTANCE_ROOT/$CA_INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'`
+
+CERTS=$INSTANCE_ROOT/$CA_INSTANCE_NAME/certs
+rm -rf $CERTS
+mkdir -p $CERTS
+
+if [ "$CA_SECURE_PORT" == "" ]; then
+ PORT="$CA_ADMIN_SECURE_PORT"
+else
+ PORT="$CA_SECURE_PORT"
+fi
+
+pkisilent ConfigureCA \
+ -cs_hostname $HOSTNAME \
+ -cs_port $PORT \
+ -preop_pin $PIN \
+ -client_certdb_dir "$CERTS" \
+ -client_certdb_pwd "$PASSWORD" \
+ -token_name "internal" \
+ -domain_name "$REALM" \
+ -subsystem_name "$CA_SUBSYSTEM_NAME" \
+ -ldap_host "$CA_LDAP_HOST" \
+ -ldap_port "$CA_LDAP_PORT" \
+ -base_dn "$CA_LDAP_BASE_DN" \
+ -db_name "$CA_LDAP_DATABASE" \
+ -bind_dn "$CA_LDAP_BIND_DN" \
+ -bind_password "$CA_LDAP_PASSWORD" \
+ -remove_data true \
+ -key_type rsa \
+ -key_size 2048 \
+ -key_algorithm SHA256withRSA \
+ -signing_signingalgorithm SHA256withRSA \
+ -save_p12 true \
+ -backup_fname "$CERTS/ca-server-certs.p12" \
+ -backup_pwd "$PASSWORD" \
+ -ca_sign_cert_subject_name "$CA_SIGN_CERT_SUBJECT_NAME" \
+ -ca_ocsp_cert_subject_name "$CA_OCSP_CERT_SUBJECT_NAME" \
+ -ca_server_cert_subject_name "$CA_SERVER_CERT_SUBJECT_NAME" \
+ -ca_subsystem_cert_subject_name "$CA_SUBSYSTEM_CERT_SUBJECT_NAME" \
+ -ca_audit_signing_cert_subject_name "$CA_AUDIT_SIGNING_CERT_SUBJECT_NAME" \
+ -admin_user "$CA_ADMIN_USER" \
+ -agent_name "$CA_ADMIN_NAME" \
+ -admin_email "$CA_ADMIN_EMAIL" \
+ -admin_password "$CA_ADMIN_PASSWORD" \
+ -agent_key_size 2048 \
+ -agent_key_type rsa \
+ -agent_cert_subject "$CA_ADMIN_CERT_SUBJECT"
+
+echo $PASSWORD > "$CERTS/password.txt"
+PKCS12Export -d "$CERTS" -o "$CERTS/ca-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
+
+systemctl restart pki-cad@$CA_INSTANCE_NAME.service
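Review bot: The administrator password is written to `$CERTS/password.txt` under the default umask and left there next to the exported PKCS#12 files, so with a common umask of 022 it stays readable by other local accounts (the permissions of the parent directories are not visible in this hunk). Create the file under a restrictive umask and delete it once the export is done, e.g. `( umask 077; printf '%s\n' "$PASSWORD" > "$CERTS/password.txt" )` and `rm -f "$CERTS/password.txt"` after `PKCS12Export`. The `-x` in the shebang also copies `$PIN` and every password argument of `pkisilent` into the trace output, so drop it or put `set +x` around the sensitive commands. kra-configure.sh has the same password-file and tracing pattern.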
diff --git a/dogtag-9/ca-console.sh b/dogtag-9/ca-console.sh
new file mode 100755
index 0000000..f596e6a
--- /dev/null
+++ b/dogtag-9/ca-console.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+pkiconsole https://$HOSTNAME:9443/ca
diff --git a/dogtag-9/ca-create.sh b/dogtag-9/ca-create.sh
new file mode 100755
index 0000000..5b61bcc
--- /dev/null
+++ b/dogtag-9/ca-create.sh
@@ -0,0 +1,47 @@
+#!/bin/sh -x
+
+. ./ca-include.sh
+
+if [ "$CA_SECURE_PORT" == "" ]; then
+
+ pkicreate -pki_instance_root=$INSTANCE_ROOT \
+ -pki_instance_name=$CA_INSTANCE_NAME \
+ -subsystem_type=$CA_SUBSYSTEM_TYPE \
+ -agent_secure_port=$CA_AGENT_SECURE_PORT \
+ -ee_secure_port=$CA_EE_SECURE_PORT \
+ -ee_secure_client_auth_port=$CA_EE_SECURE_CLIENT_AUTH_PORT \
+ -admin_secure_port=$CA_ADMIN_SECURE_PORT \
+ -unsecure_port=$CA_UNSECURE_PORT \
+ -tomcat_server_port=$CA_TOMCAT_SERVER_PORT \
+ -user=$INSTANCE_USER \
+ -group=$INSTANCE_GROUP \
+ -redirect conf=/etc/$CA_INSTANCE_NAME \
+ -redirect logs=/var/log/$CA_INSTANCE_NAME \
+ -verbose
+
+else
+
+ pkicreate -pki_instance_root=$INSTANCE_ROOT \
+ -pki_instance_name=$CA_INSTANCE_NAME \
+ -subsystem_type=$CA_SUBSYSTEM_TYPE \
+ -secure_port=$CA_SECURE_PORT \
+ -unsecure_port=$CA_UNSECURE_PORT \
+ -tomcat_server_port=$CA_TOMCAT_SERVER_PORT \
+ -user=$INSTANCE_USER \
+ -group=$INSTANCE_GROUP \
+ -redirect conf=/etc/$CA_INSTANCE_NAME \
+ -redirect logs=/var/log/$CA_INSTANCE_NAME \
+ -verbose
+
+fi
+
+cd $INSTANCE_ROOT/$CA_INSTANCE_NAME
+
+ln -s /usr/share/tomcat6/bin bin
+ln -s /usr/share/tomcat6/lib lib
+rm -f webapps/ca/WEB-INF/lib/pki-*
+
+rm -rf webapps/ca/WEB-INF/classes
+ln -s $SRC_DIR/pki/build/classes webapps/ca/WEB-INF
+
+systemctl restart pki-cad@$CA_INSTANCE_NAME.service
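Review bot: The `cd $INSTANCE_ROOT/$CA_INSTANCE_NAME` is not checked, so when `pkicreate` fails and the instance directory does not exist, the following `ln -s`, `rm -f` and `rm -rf` lines run relative to the directory the script was started from. Guard it with `cd "$INSTANCE_ROOT/$CA_INSTANCE_NAME" || exit 1`. The test `[ "$CA_SECURE_PORT" == "" ]` relies on a bash extension under `#!/bin/sh`; `[ -z "$CA_SECURE_PORT" ]` is the portable form. kra-create.sh has the same unchecked `cd`.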
diff --git a/dogtag-9/ca-include.sh b/dogtag-9/ca-include.sh
new file mode 100755
index 0000000..8d2c454
--- /dev/null
+++ b/dogtag-9/ca-include.sh
@@ -0,0 +1,43 @@
+#!/bin/sh -x
+
+SRC_DIR="`cd ../.. ; pwd`"
+
+DOMAIN="example.com"
+REALM="EXAMPLE-COM"
+PASSWORD="Secret123"
+
+INSTANCE_ROOT="/var/lib"
+INSTANCE_USER="pkiuser"
+INSTANCE_GROUP="pkiuser"
+
+CA_INSTANCE_NAME="pki-ca"
+
+CA_SUBSYSTEM_TYPE="ca"
+CA_SUBSYSTEM_NAME="Certificate Authority"
+
+CA_SECURE_PORT="9443"
+CA_AGENT_SECURE_PORT="9443"
+CA_EE_SECURE_PORT="9444"
+CA_ADMIN_SECURE_PORT="9445"
+CA_EE_SECURE_CLIENT_AUTH_PORT="9446"
+CA_UNSECURE_PORT="9180"
+CA_TOMCAT_SERVER_PORT="9701"
+
+CA_LDAP_HOST="$HOSTNAME"
+CA_LDAP_PORT="389"
+CA_LDAP_DATABASE="$DOMAIN-$INSTANCE_NAME"
+CA_LDAP_BASE_DN="ou=ca,dc=example,dc=com"
+CA_LDAP_BIND_DN="cn=Directory Manager"
+CA_LDAP_PASSWORD="$PASSWORD"
+
+CA_SIGN_CERT_SUBJECT_NAME="CN=$CA_SUBSYSTEM_NAME,O=$REALM"
+CA_OCSP_CERT_SUBJECT_NAME="CN=OCSP Signing Certificate,O=$REALM"
+CA_SERVER_CERT_SUBJECT_NAME="CN=$HOSTNAME,O=$REALM"
+CA_SUBSYSTEM_CERT_SUBJECT_NAME="CN=CA Subsystem Certificate,O=$REALM"
+CA_AUDIT_SIGNING_CERT_SUBJECT_NAME="CN=CA Audit Signing Certificate,O=$REALM"
+
+CA_ADMIN_USER="caadmin"
+CA_ADMIN_NAME="$CA_ADMIN_USER"
+CA_ADMIN_EMAIL="$CA_ADMIN_USER@$DOMAIN"
+CA_ADMIN_PASSWORD="$PASSWORD"
+CA_ADMIN_CERT_SUBJECT="CN=$CA_ADMIN_NAME,UID=$CA_ADMIN_USER,E=$CA_ADMIN_EMAIL,O=$REALM"
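Review bot: `CA_LDAP_DATABASE="$DOMAIN-$INSTANCE_NAME"` reads `INSTANCE_NAME`, which this file never sets (only `CA_INSTANCE_NAME` is defined), so unless the caller's environment supplies it the database name expands to `example.com-`. It should presumably be `CA_LDAP_DATABASE="$DOMAIN-$CA_INSTANCE_NAME"`, matching the `example.com-$INSTANCE_NAME` form used in kra-configure.sh. The literal `PASSWORD="Secret123"` is reused for the directory bind, the admin account and the PKCS#12 backup; a header comment should state that these are throwaway development defaults, or the value could be overridable with `PASSWORD="${PASSWORD:-Secret123}"`.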
diff --git a/dogtag-9/ca-remove.sh b/dogtag-9/ca-remove.sh
new file mode 100755
index 0000000..7a42c3d
--- /dev/null
+++ b/dogtag-9/ca-remove.sh
@@ -0,0 +1,7 @@
+#!/bin/sh -x
+
+. ./ca-include.sh
+
+pkiremove -pki_instance_root=$INSTANCE_ROOT \
+ -pki_instance_name=$CA_INSTANCE_NAME \
+ -force
diff --git a/dogtag-9/ca-restart.sh b/dogtag-9/ca-restart.sh
new file mode 100755
index 0000000..eb7f0c1
--- /dev/null
+++ b/dogtag-9/ca-restart.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl restart pki-cad@pki-ca.service
diff --git a/dogtag-9/ca-start.sh b/dogtag-9/ca-start.sh
new file mode 100755
index 0000000..ff7ba41
--- /dev/null
+++ b/dogtag-9/ca-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl start pki-cad@pki-ca.service
diff --git a/dogtag-9/ca-stop.sh b/dogtag-9/ca-stop.sh
new file mode 100755
index 0000000..55254fc
--- /dev/null
+++ b/dogtag-9/ca-stop.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl stop pki-cad@pki-ca.service
diff --git a/dogtag-9/console-build.sh b/dogtag-9/console-build.sh
new file mode 100755
index 0000000..28d036f
--- /dev/null
+++ b/dogtag-9/console-build.sh
@@ -0,0 +1,21 @@
+#!/bin/sh -x
+
+WORK_DIR=`pwd`
+PROJECT_DIR=`cd ../.. ; pwd`
+COMPONENT=console
+
+mkdir -p $WORK_DIR/build
+rm -rf $WORK_DIR/build/$COMPONENT
+
+cd $PROJECT_DIR
+rm -rf packages
+mkdir -p packages
+
+pki/scripts/compose_pki_${COMPONENT}_packages rpms | tee packages/build.log
+
+mv packages $WORK_DIR/build/$COMPONENT
+cd $WORK_DIR/build/$COMPONENT
+
+mkdir -p repo
+mv `find RPMS -name *.rpm` repo
+createrepo repo
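Review bot: The `find RPMS -name *.rpm` substitution on the `mv` line leaves the pattern unquoted, so the shell expands `*.rpm` against the current directory before `find` sees it whenever a matching file is present, and the unquoted result splits on whitespace in paths. `find RPMS -name '*.rpm' -exec mv {} repo/ \;` avoids both. Separately, piping the compose script into `tee` discards its exit status, so a failed build still reaches `mv packages` and `createrepo`; the status should be checked before continuing.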
diff --git a/dogtag-9/console-compile.sh b/dogtag-9/console-compile.sh
new file mode 100755
index 0000000..fc52fe8
--- /dev/null
+++ b/dogtag-9/console-compile.sh
@@ -0,0 +1,24 @@
+#!/bin/sh -x
+
+SRC_DIR=`cd ../.. ; pwd`
+
+cd $SRC_DIR/pki
+
+mkdir -p build
+cd build
+
+cmake\
+ -DCMAKE_VERBOSE_MAKEFILE=ON\
+ -DCMAKE_INSTALL_PREFIX:PATH=/usr\
+ -DINCLUDE_INSTALL_DIR:PATH=/usr/include\
+ -DLIB_INSTALL_DIR:PATH=/usr/lib64\
+ -DSYSCONF_INSTALL_DIR:PATH=/etc\
+ -DSHARE_INSTALL_PREFIX:PATH=/usr/share\
+ -DLIB_SUFFIX=64\
+ -DBUILD_SHARED_LIBS:BOOL=ON\
+ -DVAR_INSTALL_DIR:PATH=/var\
+ -DBUILD_PKI_CONSOLE:BOOL=ON\
+ -DWITH_JAVADOC=OFF\
+ -DJAVA_LIB_INSTALL_DIR=/usr/lib64/java ..
+
+make all install
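Review bot: Nothing stops the script after a failed step, so if `cd $SRC_DIR/pki` or `cmake` fails, `make all install` still runs against whatever Makefile is present in the directory it ended up in and installs into `/usr`. Adding `set -e` after the shebang, or `|| exit 1` on the `cd` and `cmake` lines, keeps a broken configure step from reaching the install.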
diff --git a/dogtag-9/console-install.sh b/dogtag-9/console-install.sh
new file mode 100755
index 0000000..40b768d
--- /dev/null
+++ b/dogtag-9/console-install.sh
@@ -0,0 +1,9 @@
+#!/bin/sh -x
+
+WORK_DIR=`pwd`
+PROJECT_DIR=`cd ../.. ; pwd`
+COMPONENT=console
+
+cd $WORK_DIR/build/$COMPONENT/repo
+
+yum install -y *.rpm
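Review bot: `yum install -y *.rpm` runs in the starting directory if the unchecked `cd $WORK_DIR/build/$COMPONENT/repo` fails, in which case it installs whatever RPM files happen to be there. Use `cd "$WORK_DIR/build/$COMPONENT/repo" || exit 1`. `PROJECT_DIR` is assigned but not used in this script and can be dropped.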
diff --git a/dogtag-9/console-rebuild.sh b/dogtag-9/console-rebuild.sh
new file mode 100755
index 0000000..c111895
--- /dev/null
+++ b/dogtag-9/console-rebuild.sh
@@ -0,0 +1,6 @@
+#!/bin/sh -x
+
+./console-build.sh
+
+./console-uninstall.sh
+./console-install.sh
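Review bot: `./console-uninstall.sh` runs even when `./console-build.sh` fails, so a broken build removes the installed `pki-console` package and leaves nothing valid to install in its place. Stop on failure with `./console-build.sh || exit 1`. core-rebuild.sh follows the same sequence, and the `core-build.sh`, `core-uninstall.sh` and `core-install.sh` scripts it calls are not in this commit's diffstat, so confirm they already exist in the tree.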
diff --git a/dogtag-9/console-reinstall.sh b/dogtag-9/console-reinstall.sh
new file mode 100755
index 0000000..94deeff
--- /dev/null
+++ b/dogtag-9/console-reinstall.sh
@@ -0,0 +1,4 @@
+#!/bin/sh -x
+
+./console-uninstall.sh
+./console-install.sh
diff --git a/dogtag-9/console-uninstall.sh b/dogtag-9/console-uninstall.sh
new file mode 100755
index 0000000..b330088
--- /dev/null
+++ b/dogtag-9/console-uninstall.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+yum erase -y pki-console
diff --git a/dogtag-9/core-rebuild.sh b/dogtag-9/core-rebuild.sh
new file mode 100755
index 0000000..3c79a1d
--- /dev/null
+++ b/dogtag-9/core-rebuild.sh
@@ -0,0 +1,6 @@
+#!/bin/sh -x
+
+./core-build.sh
+
+./core-uninstall.sh
+./core-install.sh
diff --git a/dogtag-9/ds-create.sh b/dogtag-9/ds-create.sh
new file mode 100755
index 0000000..ee68802
--- /dev/null
+++ b/dogtag-9/ds-create.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -x
+
+setup-ds.pl --silent --\
+ General.FullMachineName=$HOSTNAME\
+ General.SuiteSpotUserID=dirsrv\
+ General.SuiteSpotGroup=dirsrv\
+ slapd.ServerPort=389\
+ slapd.ServerIdentifier=pki-master\
+ slapd.Suffix=dc=example,dc=com\
+ slapd.RootDN="cn=Directory Manager"\
+ slapd.RootDNPwd=Secret123
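Review bot: `slapd.RootDNPwd=Secret123` hard-codes the Directory Manager password as a second copy of `PASSWORD` from ca-include.sh, so changing one without the other breaks the `-bind_password` that ca-configure.sh passes. Sourcing the include and writing `slapd.RootDNPwd="$PASSWORD"` keeps a single definition; the same applies to `slapd.Suffix` and the `dc=example,dc=com` base DNs. A short header comment stating that this creates a development-only directory instance with a known password would make the intent explicit.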
diff --git a/dogtag-9/ds-install.sh b/dogtag-9/ds-install.sh
new file mode 100755
index 0000000..679a8ae
--- /dev/null
+++ b/dogtag-9/ds-install.sh
@@ -0,0 +1,15 @@
+#!/bin/sh -x
+
+yum install -y\
+ 389-ds-base\
+ 389-adminutil\
+ 389-admin-console\
+ 389-admin-console-doc\
+ 389-console\
+ 389-dsgw\
+ 389-ds-console\
+ 389-ds-console-doc\
+ 389-ds-base-libs\
+ 389-admin\
+ 389-ds\
+ 389-ds-base-devel
diff --git a/dogtag-9/ds-remove.sh b/dogtag-9/ds-remove.sh
new file mode 100755
index 0000000..4ec570c
--- /dev/null
+++ b/dogtag-9/ds-remove.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+remove-ds.pl -f -i slapd-pki-master
diff --git a/dogtag-9/ds-restart.sh b/dogtag-9/ds-restart.sh
new file mode 100755
index 0000000..94b92ea
--- /dev/null
+++ b/dogtag-9/ds-restart.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl restart dirsrv@pki-master.service
diff --git a/dogtag-9/ds-start.sh b/dogtag-9/ds-start.sh
new file mode 100755
index 0000000..6f38aa6
--- /dev/null
+++ b/dogtag-9/ds-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl start dirsrv@pki-master.service
diff --git a/dogtag-9/ds-status.sh b/dogtag-9/ds-status.sh
new file mode 100755
index 0000000..1e1715f
--- /dev/null
+++ b/dogtag-9/ds-status.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl status dirsrv@pki-master.service
diff --git a/dogtag-9/ds-stop.sh b/dogtag-9/ds-stop.sh
new file mode 100755
index 0000000..61d56e9
--- /dev/null
+++ b/dogtag-9/ds-stop.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl stop dirsrv@pki-master.service
diff --git a/dogtag-9/ds-uninstall.sh b/dogtag-9/ds-uninstall.sh
new file mode 100755
index 0000000..6b8d448
--- /dev/null
+++ b/dogtag-9/ds-uninstall.sh
@@ -0,0 +1,17 @@
+#!/bin/sh -x
+
+yum erase -y\
+ 389-ds-base-devel\
+ 389-ds-base\
+ 389-adminutil\
+ 389-admin-console\
+ 389-admin-console-doc\
+ 389-console\
+ 389-dsgw\
+ 389-ds-console\
+ 389-ds-console-doc\
+ 389-ds-base-libs\
+ 389-admin\
+ 389-ds
+
+rm -rf /var/lock/dirsrv
diff --git a/dogtag-9/firefox-certs-import.sh b/dogtag-9/firefox-certs-import.sh
new file mode 100755
index 0000000..b2490bf
--- /dev/null
+++ b/dogtag-9/firefox-certs-import.sh
@@ -0,0 +1,12 @@
+#!/bin/sh -x
+
+. ./ca-include.sh
+
+FIREFOX_DIR=~/.mozilla/firefox
+PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
+
+pk12util -i /var/lib/pki-ca/certs/ca-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+certutil -M -n caadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
+
+pk12util -i /var/lib/pki-kra/certs/kra-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
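Review bot: `PROFILE` collects every `Path=` line in profiles.ini, so with more than one Firefox profile it holds several values and the unquoted `$FIREFOX_DIR/$PROFILE` splits into extra arguments to `pk12util` and `certutil`. Take a single entry and quote the result, e.g. `PROFILE=$(awk -F= '/^Path=/ { print $2; exit }' "$FIREFOX_DIR/profiles.ini")` and `-d "$FIREFOX_DIR/$PROFILE"`. The same lookup is repeated in firefox-certs-remove.sh and firefox-certs.sh. The script sources ca-include.sh but still passes `-W Secret123` and `-n caadmin` as literals; `-W "$PASSWORD"` and `-n "$CA_ADMIN_NAME"` would follow the include.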
diff --git a/dogtag-9/firefox-certs-remove.sh b/dogtag-9/firefox-certs-remove.sh
new file mode 100755
index 0000000..97439e1
--- /dev/null
+++ b/dogtag-9/firefox-certs-remove.sh
@@ -0,0 +1,15 @@
+#!/bin/sh -x
+
+. ./ca-include.sh
+
+FIREFOX_DIR=~/.mozilla/firefox
+PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
+
+cd $FIREFOX_DIR/$PROFILE
+
+certutil -D -n "$CA_ADMIN_NAME" -d .
+certutil -D -n "kraadmin" -d .
+certutil -D -n "$CA_SUBSYSTEM_NAME - $REALM" -d .
+certutil -D -n "$HOSTNAME" -d .
+certutil -D -n "$HOSTNAME #2" -d .
+certutil -D -n "$HOSTNAME #3" -d .
diff --git a/dogtag-9/firefox-certs.sh b/dogtag-9/firefox-certs.sh
new file mode 100755
index 0000000..4e55245
--- /dev/null
+++ b/dogtag-9/firefox-certs.sh
@@ -0,0 +1,8 @@
+#!/bin/sh -x
+
+FIREFOX_DIR=~/.mozilla/firefox
+PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
+
+cd $FIREFOX_DIR/$PROFILE
+
+certutil -L -d .
diff --git a/dogtag-9/kra-configure.sh b/dogtag-9/kra-configure.sh
new file mode 100755
index 0000000..366c4a3
--- /dev/null
+++ b/dogtag-9/kra-configure.sh
@@ -0,0 +1,60 @@
+#!/bin/sh -x
+
+PKI_DEV_SRC=`cd .. ; pwd`
+
+INSTANCE_NAME=pki-kra
+PASSWORD=Secret123
+PIN=`grep preop.pin= /var/lib/$INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'`
+
+REALM=EXAMPLE-COM
+CERTS=/var/lib/$INSTANCE_NAME/certs
+rm -rf $CERTS
+mkdir -p $CERTS
+
+pkisilent ConfigureDRM \
+ -cs_hostname "$HOSTNAME" \
+ -cs_port 10443 \
+ -preop_pin "$PIN" \
+ -client_certdb_dir "$CERTS" \
+ -client_certdb_pwd "$PASSWORD" \
+ -token_name "internal" \
+ -sd_hostname "$HOSTNAME" \
+ -sd_admin_port 9443 \
+ -sd_ssl_port 9443 \
+ -sd_agent_port 9443 \
+ -sd_admin_name "caadmin" \
+ -sd_admin_password "$PASSWORD" \
+ -domain_name "$REALM" \
+ -subsystem_name "Data Recovery Manager" \
+ -ldap_host "localhost" \
+ -ldap_port "389" \
+ -base_dn "ou=kra,dc=example,dc=com" \
+ -db_name "example.com-$INSTANCE_NAME" \
+ -bind_dn "cn=Directory Manager" \
+ -bind_password "$PASSWORD" \
+ -remove_data true \
+ -key_type rsa \
+ -key_size 2048 \
+ -signing_algorithm SHA256withRSA \
+ -drm_transport_cert_subject_name "CN=DRM Transport Certificate,O=$REALM" \
+ -drm_storage_cert_subject_name "CN=DRM Storage Certificate,O=$REALM" \
+ -drm_server_cert_subject_name "CN=$HOSTNAME,O=$REALM" \
+ -drm_subsystem_cert_subject_name "CN=DRM Subsystem Certificate,O=$REALM" \
+ -drm_audit_signing_cert_subject_name "CN=DRM Audit Signing Certificate,O=$REALM" \
+ -ca_hostname "$HOSTNAME" \
+ -ca_port 9180 \
+ -ca_ssl_port 9443 \
+ -backup_fname "$CERTS/kra-server-certs.p12" \
+ -backup_pwd "$PASSWORD" \
+ -admin_user "kraadmin" \
+ -agent_name "kraadmin" \
+ -admin_email "kraadmin@example.com" \
+ -admin_password "$PASSWORD" \
+ -agent_key_size 2048 \
+ -agent_key_type rsa \
+ -agent_cert_subject "CN=kraadmin,UID=kraadmin,E=kraadmin@example.com,O=$REALM"
+
+echo $PASSWORD > "$CERTS/password.txt"
+PKCS12Export -d "$CERTS" -o "$CERTS/kra-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
+
+systemctl restart pki-krad@$INSTANCE_NAME.service
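Review bot: The script repeats as literals the values that ca-include.sh defines (`Secret123`, `EXAMPLE-COM`, `caadmin`, port 9443) instead of sourcing them, so the `-sd_*` and `-ca_*` arguments go stale without any error if the CA settings are changed. Sourcing ca-include.sh for the shared values, or adding a matching kra-include.sh, would keep the two subsystems in step. `PKI_DEV_SRC` is assigned and never used and can be removed.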
diff --git a/dogtag-9/kra-console.sh b/dogtag-9/kra-console.sh
new file mode 100755
index 0000000..8a1263c
--- /dev/null
+++ b/dogtag-9/kra-console.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+pkiconsole https://$HOSTNAME:10443/kra
diff --git a/dogtag-9/kra-create.sh b/dogtag-9/kra-create.sh
new file mode 100755
index 0000000..77a4d86
--- /dev/null
+++ b/dogtag-9/kra-create.sh
@@ -0,0 +1,29 @@
+#!/bin/sh -x
+
+SRC_DIR=`cd ../.. ; pwd`
+
+INSTANCE_NAME=pki-kra
+
+pkicreate -pki_instance_root=/var/lib \
+ -pki_instance_name=$INSTANCE_NAME \
+ -subsystem_type=kra \
+ -secure_port=10443 \
+ -unsecure_port=10180 \
+ -tomcat_server_port=10701 \
+ -user=pkiuser \
+ -group=pkiuser \
+ -audit_group=pkiaudit \
+ -redirect conf=/etc/$INSTANCE_NAME \
+ -redirect logs=/var/log/$INSTANCE_NAME \
+ -verbose
+
+cd /var/lib/$INSTANCE_NAME
+
+ln -s /usr/share/tomcat6/bin bin
+ln -s /usr/share/tomcat6/lib lib
+rm -f webapps/kra/WEB-INF/lib/pki-*
+
+rm -rf webapps/kra/WEB-INF/classes
+ln -s $SRC_DIR/pki/build/classes webapps/kra/WEB-INF
+
+systemctl restart pki-krad@$INSTANCE_NAME.service
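Review bot: `ln -s $SRC_DIR/pki/build/classes webapps/kra/WEB-INF` makes the KRA web application load its classes from the developer's build tree, so any account that can write to that tree controls code running inside the key-recovery service. That is presumably intended for a development instance, but nothing in the script says so; add a comment such as `# development only: run classes straight from the source build tree` above the line. ca-create.sh creates the same link for the CA.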
diff --git a/dogtag-9/kra-remove.sh b/dogtag-9/kra-remove.sh
new file mode 100755
index 0000000..3ddfa9d
--- /dev/null
+++ b/dogtag-9/kra-remove.sh
@@ -0,0 +1,7 @@
+#!/bin/sh -x
+
+INSTANCE_NAME=pki-kra
+
+pkiremove -pki_instance_root=/var/lib\
+ -pki_instance_name=$INSTANCE_NAME\
+ -force
diff --git a/dogtag-9/kra-restart.sh b/dogtag-9/kra-restart.sh
new file mode 100755
index 0000000..914945c
--- /dev/null
+++ b/dogtag-9/kra-restart.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl restart pki-krad@pki-kra.service
diff --git a/dogtag-9/kra-start.sh b/dogtag-9/kra-start.sh
new file mode 100755
index 0000000..a66efc5
--- /dev/null
+++ b/dogtag-9/kra-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl start pki-krad@pki-kra.service
diff --git a/dogtag-9/kra-stop.sh b/dogtag-9/kra-stop.sh
new file mode 100755
index 0000000..1927603
--- /dev/null
+++ b/dogtag-9/kra-stop.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl stop pki-krad@pki-kra.service