diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2017-10-20 21:16:52 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-10-20 21:18:08 +0200 |
| commit | 1adf9a0cac7ff5ddebe30db4c380133ff3718b8a (patch) | |
| tree | bc82a43cea675b4c76291ba72a903625d0e8f0a3 /scripts | |
| parent | 4a2fdc8bd0acb29c650a103f90fb6a2ba0235659 (diff) | |
| download | pki-dev-1adf9a0cac7ff5ddebe30db4c380133ff3718b8a.tar.gz pki-dev-1adf9a0cac7ff5ddebe30db4c380133ff3718b8a.tar.xz pki-dev-1adf9a0cac7ff5ddebe30db4c380133ff3718b8a.zip | |
Updated CA scripts.
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/ca-admin-init.sh | 15 | ||||
| -rwxr-xr-x | scripts/ca-clone-admin-init.sh | 13 | ||||
| -rwxr-xr-x | scripts/ca-clone-prep.sh | 6 | ||||
| -rwxr-xr-x | scripts/ca-create.sh | 8 | ||||
| -rwxr-xr-x | scripts/ca-existing-certs-create.sh (renamed from scripts/ca-all-existing-create.sh) | 22 | ||||
| -rwxr-xr-x | scripts/ca-existing-export-certs.sh | 37 | ||||
| -rwxr-xr-x | scripts/ca-existing-export-pkcs12.sh (renamed from scripts/ca-all-existing-export.sh) | 0 | ||||
| -rwxr-xr-x | scripts/ca-existing-pkcs12-create.sh (renamed from scripts/ca-existing-create.sh) | 16 | ||||
| -rwxr-xr-x | scripts/ca-external-step1.sh | 21 | ||||
| -rwxr-xr-x | scripts/ca-external-step2.sh | 27 | ||||
| -rwxr-xr-x | scripts/ca-step1.sh | 37 | ||||
| -rwxr-xr-x | scripts/ca-step2.sh | 42 | ||||
| -rwxr-xr-x | scripts/ca-sub-create.sh | 42 | ||||
| -rwxr-xr-x | scripts/ca_signing-cmc-sign.sh | 3 | ||||
| -rwxr-xr-x | scripts/ca_signing-export.sh | 3 |
15 files changed, 235 insertions, 57 deletions
diff --git a/scripts/ca-admin-init.sh b/scripts/ca-admin-init.sh new file mode 100755 index 0000000..814c14b --- /dev/null +++ b/scripts/ca-admin-init.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +pki -c Secret.123 client-init --force + +pki -c Secret.123 client-cert-import "Root CA Signing Certificate" --ca-cert tmp/external.crt + +pki -c Secret.123 client-cert-import "CA Signing Certificate" --ca-server + +pki -c Secret.123 client-cert-import \ + --pkcs12 ~/.dogtag/pki-tomcat/ca_admin_cert.p12 \ + --pkcs12-password Secret.123 + +#pki -c Secret.123 pkcs12-import \ +# --pkcs12-file ~/.dogtag/pki-tomcat/ca_admin_cert.p12 \ +# --pkcs12-password Secret.123 diff --git a/scripts/ca-clone-admin-init.sh b/scripts/ca-clone-admin-init.sh new file mode 100755 index 0000000..eefe7cc --- /dev/null +++ b/scripts/ca-clone-admin-init.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +pki -c Secret.123 client-init --force + +pki -c Secret.123 client-cert-import "CA Signing Certificate" --ca-server + +pki -c Secret.123 client-cert-import \ + --pkcs12 tmp/ca_admin_cert.p12 \ + --pkcs12-password Secret.123 + +#pki -c Secret.123 pkcs12-import \ +# --pkcs12-file tmp/ca_admin_cert.p12 \ +# --pkcs12-password Secret.123 diff --git a/scripts/ca-clone-prep.sh b/scripts/ca-clone-prep.sh index 378b70e..7808d33 100755 --- a/scripts/ca-clone-prep.sh +++ b/scripts/ca-clone-prep.sh @@ -6,11 +6,11 @@ echo $HOSTNAME > tmp/master.txt grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > tmp/internal.txt -PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca_backup_keys.p12 -pki pkcs12-cert-find --pkcs12-file tmp/ca_backup_keys.p12 --pkcs12-password-file password.txt +#PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca_backup_keys.p12 +#pki pkcs12-cert-find --pkcs12-file tmp/ca_backup_keys.p12 --pkcs12-password-file password.txt pki-server ca-clone-prepare --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt pki pkcs12-cert-find --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt #cp ~/.dogtag/pki-tomcat/ca_admin.cert tmp -#cp ~/.dogtag/pki-tomcat/ca_admin_cert.p12 tmp +cp ~/.dogtag/pki-tomcat/ca_admin_cert.p12 tmp diff --git a/scripts/ca-create.sh b/scripts/ca-create.sh index 009d330..1095700 100755 --- a/scripts/ca-create.sh +++ b/scripts/ca-create.sh @@ -13,9 +13,6 @@ pki_admin_nickname=caadmin pki_admin_password=Secret.123 pki_admin_uid=caadmin -#pki_backup_keys=True -#pki_backup_password=Secret.123 - pki_client_database_password=Secret.123 pki_client_database_purge=False pki_client_pkcs12_password=Secret.123 @@ -26,9 +23,6 @@ pki_ds_database=ca pki_security_domain_name=EXAMPLE -#pki_server_pkcs12_path=pki-server.p12 -#pki_server_pkcs12_password=Secret.123 - pki_ca_signing_nickname=ca_signing pki_ocsp_signing_nickname=ca_ocsp_signing pki_audit_signing_nickname=ca_audit_signing @@ -41,4 +35,4 @@ pkispawn -f tmp/ca.cfg -s CA #/bin/cp /root/.dogtag/pki-tomcat/ca_admin.cert . #/bin/cp /root/.dogtag/pki-tomcat/ca_admin_cert.p12 . #/bin/cp /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf ca_admin_cert.txt -#echo $HOSTNAME > tmp/master.txt +echo $HOSTNAME > tmp/ca.hostname diff --git a/scripts/ca-all-existing-create.sh b/scripts/ca-existing-certs-create.sh index 98c05d8..646e4dc 100755 --- a/scripts/ca-all-existing-create.sh +++ b/scripts/ca-existing-certs-create.sh @@ -2,7 +2,7 @@ mkdir -p tmp -cat > tmp/ca-all-existing.cfg << EOF +cat > tmp/ca-existing-certs.cfg << EOF [DEFAULT] pki_pin=Secret.123 @@ -28,25 +28,27 @@ pki_token_password=Secret.123 pki_existing=True pki_ca_signing_nickname=ca_signing -pki_ca_signing_csr_path=$PWD/tmp/ca_signing.csr +pki_ca_signing_csr_path=tmp/ca_signing.csr +pki_ca_signing_cert_path=tmp/ca_signing.crt pki_ocsp_signing_nickname=ca_ocsp_signing -pki_ocsp_signing_csr_path=$PWD/tmp/ca_ocsp_signing.csr +pki_ocsp_signing_csr_path=tmp/ca_ocsp_signing.csr +pki_ocsp_signing_cert_path=tmp/ca_ocsp_signing.crt pki_sslserver_nickname=sslserver -pki_sslserver_csr_path=$PWD/tmp/sslserver.csr +pki_sslserver_csr_path=tmp/sslserver.csr +pki_sslserver_cert_path=tmp/sslserver.crt pki_subsystem_nickname=subsystem -pki_subsystem_csr_path=$PWD/tmp/subsystem.csr +pki_subsystem_csr_path=tmp/subsystem.csr +pki_subsystem_cert_path=tmp/subsystem.crt pki_audit_signing_nickname=ca_audit_signing -pki_audit_signing_csr_path=$PWD/tmp/ca_audit_signing.csr - -pki_pkcs12_path=$PWD/tmp/ca-certs.p12 -pki_pkcs12_password=Secret.123 +pki_audit_signing_csr_path=tmp/ca_audit_signing.csr +pki_audit_signing_cert_path=tmp/ca_audit_signing.crt #pki_serial_number_range_start=6 #pki_request_number_range_start=1 EOF -pkispawn -f tmp/ca-all-existing.cfg -s CA +pkispawn -v -f tmp/ca-existing-certs.cfg -s CA diff --git a/scripts/ca-existing-export-certs.sh b/scripts/ca-existing-export-certs.sh new file mode 100755 index 0000000..3645488 --- /dev/null +++ b/scripts/ca-existing-export-certs.sh @@ -0,0 +1,37 @@ +#!/bin/sh -x + +#grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > tmp/internal.txt +#PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca-certs.p12 +#PKCS12Export -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca-certs.p12 + +#pki pkcs12-cert-find --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt +#pki pkcs12-key-find --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt + +certutil -L -d /var/lib/pki/pki-tomcat/alias -n "ca_signing" -a > tmp/ca_signing.crt +certutil -L -d /var/lib/pki/pki-tomcat/alias -n "ca_ocsp_signing" -a > tmp/ca_ocsp_signing.crt +certutil -L -d /var/lib/pki/pki-tomcat/alias -n "ca_audit_signing" -a > tmp/ca_audit_signing.crt +certutil -L -d /var/lib/pki/pki-tomcat/alias -n "subsystem" -a > tmp/subsystem.crt +certutil -L -d /var/lib/pki/pki-tomcat/alias -n "sslserver" -a > tmp/sslserver.crt + +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/ca_signing.csr +sed -n "/^ca.signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/ca_signing.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/ca_signing.csr + +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/ca_ocsp_signing.csr +sed -n "/^ca.ocsp_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/ca_ocsp_signing.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/ca_ocsp_signing.csr + +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/sslserver.csr +sed -n "/^ca.sslserver.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/sslserver.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/sslserver.csr + +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/subsystem.csr +sed -n "/^ca.subsystem.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/subsystem.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/subsystem.csr + +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/ca_audit_signing.csr +sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/ca_audit_signing.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/ca_audit_signing.csr + +#cp ~/.dogtag/pki-tomcat/ca_admin.cert tmp +#cp ~/.dogtag/pki-tomcat/ca_admin_cert.p12 tmp diff --git a/scripts/ca-all-existing-export.sh b/scripts/ca-existing-export-pkcs12.sh index da2ce2d..da2ce2d 100755 --- a/scripts/ca-all-existing-export.sh +++ b/scripts/ca-existing-export-pkcs12.sh diff --git a/scripts/ca-existing-create.sh b/scripts/ca-existing-pkcs12-create.sh index 823b98e..c7519e8 100755 --- a/scripts/ca-existing-create.sh +++ b/scripts/ca-existing-pkcs12-create.sh @@ -27,23 +27,23 @@ pki_token_password=Secret.123 pki_existing=True +pki_pkcs12_path=tmp/ca-certs.p12 +pki_pkcs12_password=Secret.123 + pki_ca_signing_nickname=ca_signing -pki_ca_signing_csr_path=$PWD/tmp/ca_signing.csr +pki_ca_signing_csr_path=tmp/ca_signing.csr pki_ocsp_signing_nickname=ca_ocsp_signing -#pki_ocsp_signing_csr_path=$PWD/tmp/ca_ocsp_signing.csr +pki_ocsp_signing_csr_path=tmp/ca_ocsp_signing.csr pki_sslserver_nickname=sslserver -#pki_sslserver_csr_path=$PWD/tmp/sslserver.csr +pki_sslserver_csr_path=tmp/sslserver.csr pki_subsystem_nickname=subsystem -#pki_subsystem_csr_path=$PWD/tmp/subsystem.csr +pki_subsystem_csr_path=tmp/subsystem.csr pki_audit_signing_nickname=ca_audit_signing -#pki_audit_signing_csr_path=$PWD/tmp/ca_audit_signing.csr - -pki_pkcs12_path=$PWD/tmp/ca-certs.p12 -pki_pkcs12_password=Secret.123 +pki_audit_signing_csr_path=tmp/ca_audit_signing.csr #pki_serial_number_range_start=6 #pki_request_number_range_start=1 diff --git a/scripts/ca-external-step1.sh b/scripts/ca-external-step1.sh index 85ccfc7..96365de 100755 --- a/scripts/ca-external-step1.sh +++ b/scripts/ca-external-step1.sh @@ -4,7 +4,6 @@ mkdir -p tmp cat > tmp/ca-external-step1.cfg << EOF [DEFAULT] -#pki_instance_name=pki-child pki_pin=Secret.123 [CA] @@ -31,19 +30,21 @@ pki_token_password=Secret.123 pki_external=True pki_external_step_two=False -pki_external_csr_path=$PWD/tmp/ca_signing.csr -#pki_ca_signing_csr_path=$PWD/tmp/ca_signing.csr -#pki_ocsp_signing_csr_path=$PWD/tmp/ca_ocsp_signing.csr -#pki_audit_signing_csr_path=$PWD/tmp/ca_audit_signing.csr -#pki_sslserver_csr_path=$PWD/tmp/sslserver.csr -#pki_subsystem_csr_path=$PWD/tmp/subsystem.csr +#pki_external_csr_path=tmp/ca_signing.csr +pki_ca_signing_csr_path=tmp/ca_signing.csr + +#pki_ca_signing_csr_path=tmp/ca_signing.csr +#pki_ocsp_signing_csr_path=tmp/ca_ocsp_signing.csr +#pki_subsystem_csr_path=tmp/subsystem.csr +#pki_sslserver_csr_path=tmp/sslserver.csr +#pki_audit_signing_csr_path=tmp/ca_audit_signing.csr pki_ca_signing_nickname=ca_signing pki_ocsp_signing_nickname=ca_ocsp_signing -pki_audit_signing_nickname=ca_audit_signing -pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem +pki_sslserver_nickname=sslserver +pki_audit_signing_nickname=ca_audit_signing EOF -pkispawn -f tmp/ca-external-step1.cfg -s CA -v +pkispawn -f tmp/ca-external-step1.cfg -s CA diff --git a/scripts/ca-external-step2.sh b/scripts/ca-external-step2.sh index c94ce19..9e16c46 100755 --- a/scripts/ca-external-step2.sh +++ b/scripts/ca-external-step2.sh @@ -4,7 +4,6 @@ mkdir -p tmp cat > tmp/ca-external-step2.cfg << EOF [DEFAULT] -#pki_instance_name=pki-child pki_pin=Secret.123 [CA] @@ -30,20 +29,28 @@ pki_token_password=Secret.123 pki_external=True pki_external_step_two=True -pki_external_csr_path=$PWD/tmp/ca_signing.csr -pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt + +#pki_external_csr_path=tmp/ca_signing.csr +pki_ca_signing_csr_path=tmp/ca_signing.csr + +#pki_external_ca_cert_path=tmp/ca_signing.crt +pki_ca_signing_cert_path=tmp/ca_signing.crt #pki_external_ca_cert_chain_nickname=external -pki_external_ca_cert_chain_nickname=Root CA Signing Certificate - ROOT -#pki_external_ca_cert_chain_nickname=External CA - EXTERNAL -#pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b -pki_external_ca_cert_chain_path=$PWD/tmp/external.crt +#pki_external_ca_cert_chain_nickname=Root CA Signing Certificate - ROOT +#pki_cert_chain_nickname=Root CA Signing Certificate - ROOT + +#pki_external_ca_cert_chain_path=tmp/cert_chain.p7b +#pki_external_ca_cert_chain_path=tmp/external.crt +#pki_cert_chain_path=tmp/external.crt pki_ca_signing_nickname=ca_signing pki_ocsp_signing_nickname=ca_ocsp_signing -pki_audit_signing_nickname=ca_audit_signing -pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem +pki_sslserver_nickname=sslserver +pki_audit_signing_nickname=ca_audit_signing EOF -pkispawn -f tmp/ca-external-step2.cfg -s CA -v +pkispawn -f tmp/ca-external-step2.cfg -s CA + +echo $HOSTNAME > tmp/ca.hostname diff --git a/scripts/ca-step1.sh b/scripts/ca-step1.sh index 77487cf..2c419ae 100755 --- a/scripts/ca-step1.sh +++ b/scripts/ca-step1.sh @@ -1,5 +1,36 @@ #!/bin/sh -x -#pkispawn -v -f ca-step1.cfg -s CA -pkispawn -v -f ca.cfg -s CA --skip-configuration -#pkispawn -v -f ca.cfg -s CA --stop-at configuration +mkdir -p tmp + +cat > tmp/ca-step1.cfg << EOF +[DEFAULT] +pki_pin=Secret.123 + +[CA] +pki_admin_email=caadmin@example.com +pki_admin_name=caadmin +pki_admin_nickname=caadmin +pki_admin_password=Secret.123 +pki_admin_uid=caadmin + +pki_client_database_password=Secret.123 +pki_client_database_purge=False +pki_client_pkcs12_password=Secret.123 + +pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com +pki_ds_password=Secret.123 +pki_ds_database=ca + +pki_security_domain_name=EXAMPLE + +pki_ca_signing_nickname=ca_signing +pki_ocsp_signing_nickname=ca_ocsp_signing +pki_audit_signing_nickname=ca_audit_signing +pki_sslserver_nickname=sslserver +pki_subsystem_nickname=subsystem + +pki_skip_configuration=True +EOF + +pkispawn -f tmp/ca-step1.cfg -s CA +#pkispawn -f tmp/ca.cfg -s CA --skip-configuration diff --git a/scripts/ca-step2.sh b/scripts/ca-step2.sh index 2112391..574f6ba 100755 --- a/scripts/ca-step2.sh +++ b/scripts/ca-step2.sh @@ -1,5 +1,41 @@ #!/bin/sh -x -#pkispawn -v -f ca-step2.cfg -s CA -pkispawn -v -f ca.cfg -s CA --skip-installation -#pkispawn -v -f ca.cfg -s CA --start-from configuration +mkdir -p tmp + +cat > tmp/ca-step2.cfg << EOF +[DEFAULT] +pki_pin=Secret.123 + +[CA] +pki_admin_email=caadmin@example.com +pki_admin_name=caadmin +pki_admin_nickname=caadmin +pki_admin_password=Secret.123 +pki_admin_uid=caadmin + +pki_client_database_password=Secret.123 +pki_client_database_purge=False +pki_client_pkcs12_password=Secret.123 + +pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com +pki_ds_password=Secret.123 +pki_ds_database=ca + +pki_security_domain_name=EXAMPLE + +pki_ca_signing_nickname=ca_signing +pki_ocsp_signing_nickname=ca_ocsp_signing +pki_audit_signing_nickname=ca_audit_signing +pki_sslserver_nickname=sslserver +pki_subsystem_nickname=subsystem + +pki_skip_installation=True +EOF + +pkispawn -f tmp/ca-step2.cfg -s CA +#pkispawn -f tmp/ca.cfg -s CA --skip-installation + +#/bin/cp /root/.dogtag/pki-tomcat/ca_admin.cert . +#/bin/cp /root/.dogtag/pki-tomcat/ca_admin_cert.p12 . +#/bin/cp /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf ca_admin_cert.txt +echo $HOSTNAME > tmp/ca.hostname diff --git a/scripts/ca-sub-create.sh b/scripts/ca-sub-create.sh index 049fce8..aa65c1e 100755 --- a/scripts/ca-sub-create.sh +++ b/scripts/ca-sub-create.sh @@ -1,3 +1,43 @@ #!/bin/sh -x -pkispawn -v -f ca-sub.cfg -s CA +mkdir -p tmp + +ISSUING_CA=`cat tmp/root.txt` + +cat > tmp/ca-sub.cfg << EOF +[DEFAULT] +pki_pin=Secret.123 + +[CA] +pki_admin_email=caadmin@example.com +pki_admin_name=caadmin +pki_admin_nickname=caadmin +pki_admin_password=Secret.123 +pki_admin_uid=caadmin + +pki_subordinate=True +pki_issuing_ca_hostname=$ISSUING_CA +pki_issuing_ca_https_port=8443 +pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=EXAMPLE + +pki_client_database_password=Secret.123 +pki_client_database_purge=False +pki_client_pkcs12_password=Secret.123 + +pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com +pki_ds_database=ca +pki_ds_password=Secret.123 + +pki_security_domain_hostname=$ISSUING_CA +pki_security_domain_https_port=8443 +pki_security_domain_user=caadmin +pki_security_domain_password=Secret.123 + +pki_ca_signing_nickname=ca_signing +pki_ocsp_signing_nickname=ca_ocsp_signing +pki_audit_signing_nickname=ca_audit_signing +pki_sslserver_nickname=sslserver +pki_subsystem_nickname=subsystem +EOF + +pkispawn -v -f tmp/ca-sub.cfg -s CA diff --git a/scripts/ca_signing-cmc-sign.sh b/scripts/ca_signing-cmc-sign.sh index c6b0eb8..5bab7ec 100755 --- a/scripts/ca_signing-cmc-sign.sh +++ b/scripts/ca_signing-cmc-sign.sh @@ -59,7 +59,8 @@ tokenname=internal nickname=caadmin # CMC servlet path -servlet=/ca/ee/ca/profileSubmitCMCFullCACert +#servlet=/ca/ee/ca/profileSubmitCMCFull +servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caCMCcaCert # Path for the CMC request. input=tmp/ca_signing-cmc-request.bin diff --git a/scripts/ca_signing-export.sh b/scripts/ca_signing-export.sh index 9e9a70a..d9ad743 100755 --- a/scripts/ca_signing-export.sh +++ b/scripts/ca_signing-export.sh @@ -1,3 +1,4 @@ #!/bin/sh -pki cert-show 0x1 --output tmp/ca_signing.crt +#pki cert-show 0x1 --output tmp/ca_signing.crt +pki -d /etc/pki/pki-tomcat/alias -c Secret.123 client-cert-show ca_signing --cert tmp/ca_signing.crt |