diff options
author | Endi S. Dewata <edewata@redhat.com> | 2017-07-20 07:35:04 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-20 07:35:04 +0200 |
commit | e95825fb85e60bfa29a3124c37d6aac890a08163 (patch) | |
tree | c297f73029f93fc2a395fde7168b0c50697f01ff /scripts/ocsp-standalone-sign.sh | |
parent | 226d757ee6e52c6775c48e498fd2d7d1fab9a369 (diff) | |
download | pki-dev-e95825fb85e60bfa29a3124c37d6aac890a08163.tar.gz pki-dev-e95825fb85e60bfa29a3124c37d6aac890a08163.tar.xz pki-dev-e95825fb85e60bfa29a3124c37d6aac890a08163.zip |
Updated OCSP scripts.
Diffstat (limited to 'scripts/ocsp-standalone-sign.sh')
-rwxr-xr-x | scripts/ocsp-standalone-sign.sh | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/scripts/ocsp-standalone-sign.sh b/scripts/ocsp-standalone-sign.sh new file mode 100755 index 0000000..68dd4bd --- /dev/null +++ b/scripts/ocsp-standalone-sign.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +#### CA Cert #### + +pki cert-show --output external_ca.cert 0x1 +#pki cert-show --output external_ca_chain.cert 0x1 + +#### Admin Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caUserCert --csr-file ocsp_admin.csr --subject uid=ocspadmin | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output ocsp_admin.cert $CERT_ID + +#### OCSP Signing Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caOCSPSigningCert --csr-file ocsp_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output ocsp_signing.cert $CERT_ID + +#### Server Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caServerCert --csr-file ocsp_sslserver.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output ocsp_sslserver.cert $CERT_ID + +#### Subsystem Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caSubsystemCert --csr-file ocsp_subsystem.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output ocsp_subsystem.cert $CERT_ID + +#### Audit Signing Cert #### + +REQUEST_ID=`pki ca-cert-request-submit --profile caSignedLogCert --csr-file ocsp_audit_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output ocsp_audit_signing.cert $CERT_ID + |