diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2017-07-12 17:28:37 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-12 17:28:37 +0200 |
| commit | 3190be941ce9bb8b05b1bf9d49aa95480c1ba77b (patch) | |
| tree | 33b37845f9a405ef9ce4b8396ac8f180e5794154 /scripts/ca-clone-configure.sh | |
| parent | da5d725379fff33a445c0b0a5c510b62e2485c88 (diff) | |
| download | pki-dev-3190be941ce9bb8b05b1bf9d49aa95480c1ba77b.tar.gz pki-dev-3190be941ce9bb8b05b1bf9d49aa95480c1ba77b.tar.xz pki-dev-3190be941ce9bb8b05b1bf9d49aa95480c1ba77b.zip | |
Updated CA scripts.
Diffstat (limited to 'scripts/ca-clone-configure.sh')
| -rwxr-xr-x | scripts/ca-clone-configure.sh | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/scripts/ca-clone-configure.sh b/scripts/ca-clone-configure.sh new file mode 100755 index 0000000..4c3d55b --- /dev/null +++ b/scripts/ca-clone-configure.sh @@ -0,0 +1,66 @@ +#!/bin/sh -x + +PKI_DEV_SRC=`cd .. ; pwd` + +INSTANCE_NAME=pki-caclone +PASSWORD=Secret123 +PIN=`grep preop.pin= /var/lib/$INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'` + +REALM=EXAMPLE-COM +CERTS=$PKI_DEV_SRC/certs/caclone +rm -rf $CERTS +mkdir -p $CERTS + +./ca-clone-certs.sh + +pkisilent ConfigureCA \ + -cs_hostname "$HOSTNAME" \ + -cs_port "9444" \ + -preop_pin "$PIN" \ + -client_certdb_dir "$CERTS" \ + -client_certdb_pwd "$PASSWORD" \ + -token_name "internal" \ + -domain_name "$REALM" \ + -subsystem_name "Certificate Authority Clone" \ + -clone "true" \ + -clone_uri "https://$HOSTNAME:9443" \ + -clone_p12_file "ca-server-certs.p12" \ + -clone_p12_password "$PASSWORD" \ + -sd_hostname "$HOSTNAME" \ + -sd_admin_port 9443 \ + -sd_ssl_port 9443 \ + -sd_agent_port 9443 \ + -sd_admin_name "caadmin" \ + -sd_admin_password "$PASSWORD" \ + -ldap_host "localhost" \ + -ldap_port "390" \ + -base_dn "dc=ca,dc=example,dc=com" \ + -db_name "example.com-$INSTANCE_NAME" \ + -bind_dn "cn=Directory Manager" \ + -bind_password "$PASSWORD" \ + -remove_data "true" \ + -key_type rsa \ + -key_size 2048 \ + -key_algorithm SHA256withRSA \ + -signing_signingalgorithm SHA256withRSA \ + -save_p12 true \ + -backup_fname "$CERTS/caclone-server-certs.p12" \ + -backup_pwd "$PASSWORD" \ + -ca_sign_cert_subject_name "CN=Certificate Authority,O=$REALM" \ + -ca_ocsp_cert_subject_name "CN=OCSP Signing Certificate,O=$REALM" \ + -ca_server_cert_subject_name "CN=$HOSTNAME,O=$REALM" \ + -ca_subsystem_cert_subject_name "CN=CA Subsystem Certificate,O=$REALM" \ + -ca_audit_signing_cert_subject_name "CN=CA Audit Signing Certificate,O=$REALM" \ + -admin_user "caadmin" \ + -agent_name "caadmin" \ + -admin_email "caadmin@example.com" \ + -admin_password "$PASSWORD" \ + -agent_key_size 2048 \ + -agent_key_type rsa \ + -agent_cert_subject "CN=caadmin,UID=caadmin,E=caadmin@example.com,O=$REALM" + + +echo $PASSWORD > "$CERTS/password.txt" +PKCS12Export -d "$CERTS" -o "$CERTS/caclone-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt" + +systemctl restart pki-cad@$INSTANCE_NAME.service |