author | Endi S. Dewata <edewata@redhat.com> | 2017-07-12 17:28:37 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-12 17:28:37 +0200 |
commit | 3190be941ce9bb8b05b1bf9d49aa95480c1ba77b (patch) | |
tree | 33b37845f9a405ef9ce4b8396ac8f180e5794154 /scripts/ca-renew-step2.sh | |
parent | da5d725379fff33a445c0b0a5c510b62e2485c88 (diff) | |
Updated CA scripts.
Diffstat (limited to 'scripts/ca-renew-step2.sh')
-rwxr-xr-x | scripts/ca-renew-step2.sh | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/scripts/ca-renew-step2.sh b/scripts/ca-renew-step2.sh
new file mode 100755
index 0000000..d957368
--- /dev/null
+++ b/scripts/ca-renew-step2.sh
@@ -0,0 +1,66 @@
+#!/bin/sh -x
+
+timedatectl set-ntp false
+timedatectl set-time 2018-11-26
+
+./tomcat-restart.sh
+
+sleep 5
+
+pki ca-cert-request-submit --profile caManualRenewal --serial 0x2
+pki ca-cert-request-submit --profile caManualRenewal --serial 0x3
+pki ca-cert-request-submit --profile caManualRenewal --serial 0x4
+pki ca-cert-request-submit --profile caManualRenewal --serial 0x5
+
+pki ca-cert-request-submit --profile caManualRenewal --serial 0x6
+
+#pki -U https://$HOSTNAME:8443 \
+# -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin client-cert-request \
+# "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE" \
+# --profile caManualRenewal
+
+pki -d ~/.dogtag/pki-tomcat/ca/alias -n caadmin -c Secret.123 ca-cert-request-review 0x7 --action approve
+pki -d ~/.dogtag/pki-tomcat/ca/alias -n caadmin -c Secret.123 ca-cert-request-review 0x8 --action approve
+pki -d ~/.dogtag/pki-tomcat/ca/alias -n caadmin -c Secret.123 ca-cert-request-review 0x9 --action approve
+pki -d ~/.dogtag/pki-tomcat/ca/alias -n caadmin -c Secret.123 ca-cert-request-review 0xa --action approve
+pki -d ~/.dogtag/pki-tomcat/ca/alias -n caadmin -c Secret.123 ca-cert-request-review 0xb --action approve
+
+pki ca-cert-show 0x7 --output ca_ocsp_signing.crt
+pki ca-cert-show 0x8 --output sslserver.crt
+pki ca-cert-show 0x9 --output subsystem.crt
+pki ca-cert-show 0xa --output ca_audit_signing.crt
+
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-user-cert-add caadmin --serial 0xb
+
+#pki ca-cert-show 0xb --output caadmin.crt
+certutil -D -d ~/.dogtag/pki-tomcat/ca/alias -n caadmin
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 client-cert-import caadmin --serial 0xb
+
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-user-cert-del caadmin "2;6;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE"
+
+./tomcat-stop.sh
+
+pki-server subsystem-cert-update ca ocsp_signing --cert ca_ocsp_signing.crt --replace
+pki-server subsystem-cert-update ca sslserver --cert sslserver.crt --replace
+pki-server subsystem-cert-update ca subsystem --cert subsystem.crt --replace
+pki-server subsystem-cert-update ca audit_signing --cert ca_audit_signing.crt --replace
+
+#pki-server subsystem-cert-update ca audit_signing --cert ca_audit_signing.crt
+#pki-server subsystem-cert-update ca sslserver --cert sslserver.crt
+#pki-server subsystem-cert-update ca subsystem --cert subsystem.crt
+#pki-server subsystem-cert-update ca audit_signing --cert ca_audit_signing.crt
+
+#certutil -D -d /var/lib/pki/pki-tomcat/alias -n ca_ocsp_signing
+#certutil -D -d /var/lib/pki/pki-tomcat/alias -n sslserver
+#certutil -D -d /var/lib/pki/pki-tomcat/alias -n subsystem
+#certutil -D -d /var/lib/pki/pki-tomcat/alias -n ca_audit_signing
+
+#certutil -A -d /var/lib/pki/pki-tomcat/alias -n ca_ocsp_signing -i ca_ocsp_signing.crt -t "u,u,u"
+#certutil -A -d /var/lib/pki/pki-tomcat/alias -n sslserver -i sslserver.crt -t "u,u,u"
+#certutil -A -d /var/lib/pki/pki-tomcat/alias -n subsystem -i subsystem.crt -t "u,u,u"
+#certutil -A -d /var/lib/pki/pki-tomcat/alias -n ca_audit_signing -i ca_audit_signing.crt -t "u,u,Pu"
+
+./tomcat-start.sh
+
+pki-server subsystem-cert-find ca
+certutil -L -d /var/lib/pki/pki-tomcat/alias |
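Review bot: The five `ca-cert-request-review 0x7` … `0xb --action approve` calls approve requests by hard-coded ID instead of the IDs returned by the preceding `ca-cert-request-submit` calls, so on a CA whose request counter is not exactly where the script assumes, the admin credential would approve whatever requests hold those IDs. Nothing stops the run on failure either: `certutil -D ... -n caadmin` and `ca-user-cert-del` still execute when an earlier approval or `ca-user-cert-add` has failed, which can leave the instance without a usable admin certificate. Adding `set -e` after the shebang and capturing each request ID from the submit output would close both gaps. The NSS database password is passed as `-c Secret.123` on every command and echoed by `#!/bin/sh -x`; outside a throwaway test instance it should come from a file via `-C <password-file>`. The script also leaves the clock at 2018-11-26 with NTP disabled, presumably restored by a later step not visible in this commit.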