authorEndi S. Dewata <edewata@redhat.com>2017-07-20 07:28:26 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-07-20 07:28:26 +0200
commitd2cc01d76e69f8d3602c5181263b95cbcd1c79a3 (patch)
tree7b136f1a76e2e808bc48332283054d9f05d4863d /scripts/ds-openssl-create.sh
parentc23e0e44df69e44cb21c0e564ff1a7e2a7b67fd5 (diff)
Added DS scripts.
Diffstat (limited to 'scripts/ds-openssl-create.sh')
-rwxr-xr-xscripts/ds-openssl-create.sh25
1 files changed, 25 insertions, 0 deletions
diff --git a/scripts/ds-openssl-create.sh b/scripts/ds-openssl-create.sh
new file mode 100755
index 0000000..3cfe71c
--- /dev/null
+++ b/scripts/ds-openssl-create.sh
@@ -0,0 +1,25 @@
+#!/bin/sh -x
+
+cp password.txt /etc/dirsrv/slapd-pki-tomcat/password.txt
+chown nobody.nobody /etc/dirsrv/slapd-pki-tomcat/password.txt
+chmod 400 /etc/dirsrv/slapd-pki-tomcat/password.txt
+echo "Internal (Software) Token:`cat /etc/dirsrv/slapd-pki-tomcat/password.txt`" > /etc/dirsrv/slapd-pki-tomcat/pin.txt
+chown nobody.nobody /etc/dirsrv/slapd-pki-tomcat/pin.txt
+chmod 400 /etc/dirsrv/slapd-pki-tomcat/pin.txt
+
+# generate CA certificate
+#openssl req -newkey rsa:2048 -keyout dsca.key -nodes -x509 -out dsca.pem -subj "/CN=CAcert" -days 365
+#openssl pkcs12 -export -in dsca.pem -inkey dsca.key -out dsca.p12 -name "CA certificate" -passout pass:Secret123
+#pk12util -i dsca.p12 -d /etc/dirsrv/slapd-pki-tomcat -k /etc/dirsrv/slapd-pki-tomcat/pwdfile.txt -W Secret123
+#certutil -M -d /etc/dirsrv/slapd-pki-tomcat -n "CA certificate" -t "CTu,u,u"
+
+# generate server certificate
+#openssl req -newkey rsa:2048 -keyout ds.key -nodes -new -out ds.csr -subj "/CN=$HOSTNAME" -days 365
+#openssl x509 -req -in ds.csr -CA dsca.pem -CAkey dsca.key -CAcreateserial -out ds.pem
+#openssl pkcs12 -export -in ds.pem -inkey ds.key -out ds.p12 -name "Server-Cert" -passout pass:Secret123
+#pk12util -i ds.p12 -d /etc/dirsrv/slapd-pki-tomcat -k /etc/dirsrv/slapd-pki-tomcat/pwdfile.txt -W Secret123
+
+openssl req -newkey rsa:2048 -keyout ds.key -nodes -x509 -out ds.crt -subj "/CN=$HOSTNAME" -days 365
+openssl pkcs12 -export -in ds.crt -inkey ds.key -out ds.p12 -name "DS Certificate" -passout file:/etc/dirsrv/slapd-pki-tomcat/password.txt
+pk12util -i ds.p12 -d /etc/dirsrv/slapd-pki-tomcat -k /etc/dirsrv/slapd-pki-tomcat/password.txt -w /etc/dirsrv/slapd-pki-tomcat/password.txt
+certutil -M -d /etc/dirsrv/slapd-pki-tomcat -n "DS Certificate" -t "CT,C,C"
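Review bot: The `-x` in the shebang traces every command after expansion, so the `echo` that builds pin.txt prints the token password to stderr, and to any log that captures it, on every run; the first line should be plain `#!/bin/sh`. Both password.txt and pin.txt are created with the default mode and only restricted afterwards by `chmod 400`, so a `umask 077` before the first `cp` would close that window. The private key is generated with `-nodes` and written unencrypted to the working directory as ds.key, and neither it nor ds.p12 is removed after `pk12util` imports them; a final `rm -f ds.key ds.p12` would avoid leaving key material behind. Nothing checks for failure, so a failed `openssl` step still falls through to `pk12util` and `certutil`; `set -eu` near the top would stop the script at the first error.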