authorEndi S. Dewata <edewata@redhat.com>2017-07-25 06:03:36 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-07-25 06:03:36 +0200
commit78fcfec59faee408142ed75e61025ccab0c72acc (patch)
treeccad2a51b956502752a7a477994d6a4228657fcc /scripts
parent37b05bb922233566f5d9f75c09fb18acad3a862d (diff)
Updated standalone OCSP scripts.
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/ocsp-standalone-sign.sh34
-rwxr-xr-xscripts/ocsp-standalone-step1.sh45
-rwxr-xr-xscripts/ocsp-standalone-step2.sh43
3 files changed, 98 insertions, 24 deletions
diff --git a/scripts/ocsp-standalone-sign.sh b/scripts/ocsp-standalone-sign.sh
index 68dd4bd..f60b655 100755
--- a/scripts/ocsp-standalone-sign.sh
+++ b/scripts/ocsp-standalone-sign.sh
@@ -2,56 +2,56 @@
#### CA Cert ####
-pki cert-show --output external_ca.cert 0x1
-#pki cert-show --output external_ca_chain.cert 0x1
+pki cert-show --output tmp/ca_signing.crt 0x1
+#pki cert-show --output cert_chain.p7b 0x1
#### Admin Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caUserCert --csr-file ocsp_admin.csr --subject uid=ocspadmin | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caUserCert --csr-file tmp/ocsp_admin.csr --subject uid=ocspadmin | grep "Request ID:" | awk -F ': ' '{print $2;}'`
echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_admin.cert $CERT_ID
+pki cert-show --output tmp/ocsp_admin.crt $CERT_ID
#### OCSP Signing Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caOCSPSigningCert --csr-file ocsp_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caOCSPCert --csr-file tmp/ocsp_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_signing.cert $CERT_ID
+pki cert-show --output tmp/ocsp_signing.crt $CERT_ID
#### Server Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caServerCert --csr-file ocsp_sslserver.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caServerCert --csr-file tmp/sslserver.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_sslserver.cert $CERT_ID
+pki cert-show --output tmp/sslserver.crt $CERT_ID
#### Subsystem Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caSubsystemCert --csr-file ocsp_subsystem.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caSubsystemCert --csr-file tmp/subsystem.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_subsystem.cert $CERT_ID
+pki cert-show --output tmp/subsystem.crt $CERT_ID
#### Audit Signing Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caSignedLogCert --csr-file ocsp_audit_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caSignedLogCert --csr-file tmp/ocsp_audit_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_audit_signing.cert $CERT_ID
+pki cert-show --output tmp/ocsp_audit_signing.crt $CERT_ID
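Review bot: Every `REQUEST_ID` and `CERT_ID` in this hunk is scraped from command output with `grep | awk` and then used unquoted and unchecked, so a failed submit leaves the variable empty and the following `ca-cert-request-review --action approve $REQUEST_ID` and `cert-show` still run. A guard after each assignment, such as `[ -n "$REQUEST_ID" ] || { echo "no request ID" >&2; exit 1; }`, plus quoting `"$REQUEST_ID"` and `"$CERT_ID"`, would stop the script at the first failed issuance. The approval calls also keep the caadmin database password on argv (`-c Secret.123`), where it is readable from the process list; a comment marking it as a lab-only value would help. The script now writes into `tmp/` but nothing in the visible hunk creates that directory, so it appears to depend on step1 having been run from the same working directory.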
diff --git a/scripts/ocsp-standalone-step1.sh b/scripts/ocsp-standalone-step1.sh
index 0d14be4..7cd161e 100755
--- a/scripts/ocsp-standalone-step1.sh
+++ b/scripts/ocsp-standalone-step1.sh
@@ -1,9 +1,42 @@
#!/bin/sh -x
-pkispawn -v -f ocsp-standalone-step1.cfg -s OCSP
+mkdir -p tmp
-cp /etc/pki/pki-tomcat/ocsp_admin.csr .
-cp /etc/pki/pki-tomcat/ocsp_audit_signing.csr .
-cp /etc/pki/pki-tomcat/ocsp_signing.csr .
-cp /etc/pki/pki-tomcat/ocsp_sslserver.csr .
-cp /etc/pki/pki-tomcat/ocsp_subsystem.csr .
+cat > tmp/ocsp-standalone-step1.cfg << EOF
+[OCSP]
+pki_admin_email=ocspadmin@example.com
+pki_admin_name=ocspadmin
+pki_admin_nickname=ocspadmin
+pki_admin_password=Secret.123
+pki_admin_uid=ocspadmin
+
+#pki_backup_keys=True
+#pki_backup_password=Secret.123
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ocsp,dc=pki,dc=example,dc=com
+pki_ds_password=Secret.123
+pki_ds_database=ocsp
+
+pki_security_domain_name=EXAMPLE
+pki_token_password=Secret.123
+
+pki_standalone=True
+pki_external_step_two=False
+
+pki_signing_nickname=ocsp_signing
+pki_audit_signing_nickname=ocsp_audit_signing
+pki_ssl_server_nickname=sslserver
+pki_subsystem_nickname=subsystem
+
+pki_external_admin_csr_path=$PWD/tmp/ocsp_admin.csr
+pki_external_audit_signing_csr_path=$PWD/tmp/ocsp_audit_signing.csr
+pki_external_signing_csr_path=$PWD/tmp/ocsp_signing.csr
+pki_external_sslserver_csr_path=$PWD/tmp/sslserver.csr
+pki_external_subsystem_csr_path=$PWD/tmp/subsystem.csr
+EOF
+
+pkispawn -v -f tmp/ocsp-standalone-step1.cfg -s OCSP
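Review bot: The generated `tmp/ocsp-standalone-step1.cfg` holds the admin, directory-server, token and PKCS#12 passwords, but `mkdir -p tmp` and the `cat >` redirect create the directory and file with whatever umask the caller has, typically world-readable. Put `umask 077` before `mkdir -p tmp` (or `chmod 600` the file before `pkispawn` reads it) so the secrets are only readable by the invoking user. The same applies to `tmp/ocsp-standalone-step2.cfg` written in ocsp-standalone-step2.sh. A short comment above the heredoc, such as `# Test-only credentials; replace before use outside a lab`, would also make the intent of `Secret.123` explicit.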
diff --git a/scripts/ocsp-standalone-step2.sh b/scripts/ocsp-standalone-step2.sh
index fabf3a8..e2d5162 100755
--- a/scripts/ocsp-standalone-step2.sh
+++ b/scripts/ocsp-standalone-step2.sh
@@ -1,5 +1,7 @@
#!/bin/sh -x
+mkdir -p tmp
+
cp external_ca.cert /etc/pki/pki-tomcat
cp external_ca_chain.cert /etc/pki/pki-tomcat
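Review bot: The `cp external_ca.cert /etc/pki/pki-tomcat` and `cp external_ca_chain.cert /etc/pki/pki-tomcat` context lines, and the `cp ocsp_*.cert` lines in the next hunk, are left in place. After this commit ocsp-standalone-sign.sh writes `tmp/ca_signing.crt`, `tmp/ocsp_admin.crt` and so on, so these old file names are no longer produced by the visible scripts. Because the script runs under `sh -x` with no `set -e`, the failed copies would only print errors and `pkispawn` would still run. Either delete the stale `cp` lines, since the new config points at `$PWD/tmp/*.crt` directly, or add `set -e` after the shebang so a missing input stops the run.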
@@ -9,4 +11,43 @@ cp ocsp_sslserver.cert /etc/pki/pki-tomcat
cp ocsp_subsystem.cert /etc/pki/pki-tomcat
cp ocsp_audit_signing.cert /etc/pki/pki-tomcat
-pkispawn -v -f ocsp-standalone-step2.cfg -s OCSP
+cat > tmp/ocsp-standalone-step2.cfg << EOF
+[OCSP]
+pki_admin_email=ocspadmin@example.com
+pki_admin_name=ocspadmin
+pki_admin_nickname=ocspadmin
+pki_admin_password=Secret.123
+pki_admin_uid=ocspadmin
+
+#pki_backup_keys=True
+#pki_backup_password=Secret.123
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ocsp,dc=pki,dc=example,dc=com
+pki_ds_password=Secret.123
+pki_ds_database=ocsp
+
+pki_security_domain_name=EXAMPLE
+pki_token_password=Secret.123
+
+pki_standalone=True
+pki_external_step_two=True
+
+pki_audit_signing_nickname=ocsp_audit_signing
+pki_signing_nickname=ocsp_signing
+pki_ssl_server_nickname=sslserver
+pki_subsystem_nickname=subsystem
+
+pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b
+pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt
+pki_external_admin_cert_path=$PWD/tmp/ocsp_admin.crt
+pki_external_audit_signing_cert_path=$PWD/tmp/ocsp_audit_signing.crt
+pki_external_signing_cert_path=$PWD/tmp/ocsp_signing.crt
+pki_external_sslserver_cert_path=$PWD/tmp/sslserver.crt
+pki_external_subsystem_cert_path=$PWD/tmp/subsystem.crt
+EOF
+
+pkispawn -v -f tmp/ocsp-standalone-step2.cfg -s OCSP
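Review bot: `pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b` points at a file that nothing in this commit creates. The only candidate is the commented-out `#pki cert-show --output cert_chain.p7b 0x1` in ocsp-standalone-sign.sh, and that line would write to the working directory rather than `tmp/`. How `pkispawn` handles a missing chain file is not visible here, so either drop this line from the heredoc or have the signing script produce `tmp/cert_chain.p7b` and say so in a comment. A check before the final call, such as `[ -f tmp/ca_signing.crt ] || { echo "run ocsp-standalone-sign.sh first" >&2; exit 1; }`, would make the ordering between the three scripts explicit.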