author | Endi S. Dewata <edewata@redhat.com> | 2017-07-12 17:28:37 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-12 17:28:37 +0200 |
commit | 3190be941ce9bb8b05b1bf9d49aa95480c1ba77b (patch) | |
tree | 33b37845f9a405ef9ce4b8396ac8f180e5794154 /scripts/ca-export.sh | |
parent | da5d725379fff33a445c0b0a5c510b62e2485c88 (diff) | |
Updated CA scripts.
Diffstat (limited to 'scripts/ca-export.sh')
-rwxr-xr-x | scripts/ca-export.sh | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/scripts/ca-export.sh b/scripts/ca-export.sh
new file mode 100755
index 0000000..351f68f
--- /dev/null
+++ b/scripts/ca-export.sh
@@ -0,0 +1,33 @@
+#!/bin/sh -x
+
+grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > internal.txt
+#PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p internal.txt -w password.txt -o ca_backup_keys.p12
+PKCS12Export -d /var/lib/pki/pki-tomcat/alias -p internal.txt -w password.txt -o ca_backup_keys.p12
+
+pki pkcs12-cert-find --pkcs12-file ca_backup_keys.p12 --pkcs12-password-file password.txt
+pki pkcs12-key-find --pkcs12-file ca_backup_keys.p12 --pkcs12-password-file password.txt
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_signing.csr
+sed -n "/^ca.signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_signing.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_ocsp_signing.csr
+sed -n "/^ca.ocsp_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_ocsp_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_ocsp_signing.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > sslserver.csr
+sed -n "/^ca.sslserver.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> sslserver.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> sslserver.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > subsystem.csr
+sed -n "/^ca.subsystem.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> subsystem.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> subsystem.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_audit_signing.csr
+sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_audit_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_audit_signing.csr
+
+#pki-server ca-clone-prepare --pkcs12-file ca_backup_keys.p12 --pkcs12-password-file password.txt
+
+cp ~/.dogtag/pki-tomcat/ca_admin.cert .
+cp ~/.dogtag/pki-tomcat/ca_admin_cert.p12 . |
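Review bot: The script writes the NSS internal token password to `internal.txt` and the CA key backup to `ca_backup_keys.p12` in the current directory under whatever umask the caller has, and it never removes `internal.txt` afterwards. Adding `umask 077` right after the shebang and `rm -f internal.txt` after the PKCS12Export call would keep the plaintext password and the exported key material from being readable by other local users. The extraction `awk -F= '{print $2}'` also truncates a password that itself contains `=`; `sed -n 's/^internal=//p'` on password.conf keeps the full value and anchors the match to the start of the line. Since there is no `set -e`, a failed grep still lets PKCS12Export run against an empty password file, so an explicit check on that first step would be worth adding.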