diff options
author | Endi S. Dewata <edewata@redhat.com> | 2018-02-02 18:47:17 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2018-02-02 18:47:17 +0100 |
commit | ec842e618d1def4eab56a56db315fca83e53b48c (patch) | |
tree | 62c39ae9c115f1a782600e19b534dce3c315c942 /scripts/subca-create.sh | |
parent | 75c76bdaf20b783e0764845e1e0b65a15f42fe4a (diff) | |
download | pki-dev-ec842e618d1def4eab56a56db315fca83e53b48c.tar.gz pki-dev-ec842e618d1def4eab56a56db315fca83e53b48c.tar.xz pki-dev-ec842e618d1def4eab56a56db315fca83e53b48c.zip |
Updated sub CA scripts.
Diffstat (limited to 'scripts/subca-create.sh')
-rwxr-xr-x | scripts/subca-create.sh | 58 |
1 files changed, 30 insertions, 28 deletions
diff --git a/scripts/subca-create.sh b/scripts/subca-create.sh index eaef0f5..940f06e 100755 --- a/scripts/subca-create.sh +++ b/scripts/subca-create.sh @@ -2,19 +2,12 @@ mkdir -p tmp -ROOT=`cat tmp/rootca.txt` +ROOTCA=`cat tmp/rootca.hostname` cat > tmp/subca.cfg << EOF [DEFAULT] pki_pin=Secret.123 -#pki_https_port=9443 -#pki_http_port=9443 - -#[Tomcat] -#pki_ajp_port=9009 -#pki_tomcat_server_port=9005 - [CA] pki_admin_email=caadmin@example.com pki_admin_name=caadmin @@ -22,38 +15,47 @@ pki_admin_nickname=caadmin pki_admin_password=Secret.123 pki_admin_uid=caadmin -pki_subordinate=True -pki_issuing_ca_hostname=$ROOT -pki_issuing_ca_https_port=8443 -pki_ca_signing_subject_dn=cn=Subordinate CA Signing Certificate,o=SUBORDINATE - pki_client_database_password=Secret.123 pki_client_database_purge=False pki_client_pkcs12_password=Secret.123 pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com -pki_ds_database=ca pki_ds_password=Secret.123 +pki_ds_database=ca -pki_security_domain_hostname=$ROOT -pki_security_domain_https_port=8443 +pki_subordinate=True + +pki_issuing_ca_hostname=$ROOTCA + +pki_security_domain_hostname=$ROOTCA +#pki_security_domain_name=EXAMPLE pki_security_domain_user=caadmin pki_security_domain_password=Secret.123 -#pki_subordinate_create_new_security_domain=True -#pki_subordinate_security_domain_name=SUBORDINATE +pki_subordinate_create_new_security_domain=True +pki_subordinate_security_domain_name=EXAMPLE + +pki_ca_signing_nickname=${PREFIX}ca_signing +pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=EXAMPLE +pki_ca_signing_token=$TOKEN -#pki_ca_signing_nickname=edewata/%(pki_instance_name)s/ca_signing -#pki_ocsp_signing_nickname=edewata/%(pki_instance_name)s/ca_ocsp_signing -#pki_audit_signing_nickname=edewata/%(pki_instance_name)s/ca_audit_signing -#pki_sslserver_nickname=edewata/%(pki_instance_name)s/sslserver -#pki_subsystem_nickname=edewata/%(pki_instance_name)s/subsystem +pki_ocsp_signing_nickname=${PREFIX}ca_ocsp_signing +pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=EXAMPLE +pki_ocsp_signing_token=$TOKEN -pki_ca_signing_nickname=ca_signing -pki_ocsp_signing_nickname=ca_ocsp_signing -pki_audit_signing_nickname=ca_audit_signing -pki_sslserver_nickname=sslserver -pki_subsystem_nickname=subsystem +pki_audit_signing_nickname=${PREFIX}ca_audit_signing +pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=EXAMPLE +pki_audit_signing_token=$TOKEN + +pki_sslserver_nickname=${PREFIX}sslserver/$HOSTNAME +pki_sslserver_subject_dn=cn=$HOSTNAME,o=EXAMPLE +pki_sslserver_token=$TOKEN + +pki_subsystem_nickname=${PREFIX}subsystem/$HOSTNAME +pki_subsystem_subject_dn=cn=Subsystem Certificate,o=EXAMPLE +pki_subsystem_token=$TOKEN EOF pkispawn -v -f tmp/subca.cfg -s CA + +echo $HOSTNAME > tmp/subca.hostname |