diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2017-07-12 20:23:28 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-12 20:23:28 +0200 |
| commit | c23e0e44df69e44cb21c0e564ff1a7e2a7b67fd5 (patch) | |
| tree | 0250e55b5b488999efab3b2f608d05194ae05a30 /scripts/kra-standalone-sign.sh | |
| parent | 3190be941ce9bb8b05b1bf9d49aa95480c1ba77b (diff) | |
| download | pki-dev-c23e0e44df69e44cb21c0e564ff1a7e2a7b67fd5.tar.gz pki-dev-c23e0e44df69e44cb21c0e564ff1a7e2a7b67fd5.tar.xz pki-dev-c23e0e44df69e44cb21c0e564ff1a7e2a7b67fd5.zip | |
Updated KRA scripts.
Diffstat (limited to 'scripts/kra-standalone-sign.sh')
| -rwxr-xr-x | scripts/kra-standalone-sign.sh | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/scripts/kra-standalone-sign.sh b/scripts/kra-standalone-sign.sh new file mode 100755 index 0000000..0c6a569 --- /dev/null +++ b/scripts/kra-standalone-sign.sh @@ -0,0 +1,75 @@ +#!/bin/sh + +rm -f external_ca.cert +rm -f kra_admin.cert +rm -f kra_transport.cert +rm -f kra_storage.cert +rm -f kra_sslserver.cert +rm -f kra_subsystem.cert +rm -f kra_audit_signing.cert + +#### CA Cert #### + +pki cert-show --output external_ca.cert 0x1 +#pki cert-show --output external_ca_chain.cert 0x1 + +#### Admin Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caUserCert --csr-file kra_admin.csr --subject uid=kraadmin | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output kra_admin.cert $CERT_ID + +#### Transport Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caTransportCert --csr-file kra_transport.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output kra_transport.cert $CERT_ID + +#### Storage Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caStorageCert --csr-file kra_storage.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output kra_storage.cert $CERT_ID + +#### Server Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caServerCert --csr-file kra_sslserver.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output kra_sslserver.cert $CERT_ID + +#### Subsystem Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caSubsystemCert --csr-file kra_subsystem.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output kra_subsystem.cert $CERT_ID + +#### Audit Signing Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caSignedLogCert --csr-file kra_audit_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output kra_audit_signing.cert $CERT_ID + |