author | Endi S. Dewata <edewata@redhat.com> | 2017-07-25 06:03:36 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-25 06:03:36 +0200 |
commit | 78fcfec59faee408142ed75e61025ccab0c72acc (patch) | |
tree | ccad2a51b956502752a7a477994d6a4228657fcc /scripts | |
parent | 37b05bb922233566f5d9f75c09fb18acad3a862d (diff) | |
Updated standalone OCSP scripts.
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/ocsp-standalone-sign.sh | 34 | ||||
-rwxr-xr-x | scripts/ocsp-standalone-step1.sh | 45 | ||||
-rwxr-xr-x | scripts/ocsp-standalone-step2.sh | 43 |
3 files changed, 98 insertions, 24 deletions
diff --git a/scripts/ocsp-standalone-sign.sh b/scripts/ocsp-standalone-sign.sh
index 68dd4bd..f60b655 100755
--- a/scripts/ocsp-standalone-sign.sh
+++ b/scripts/ocsp-standalone-sign.sh
@@ -2,56 +2,56 @@
 #### CA Cert ####
-pki cert-show --output external_ca.cert 0x1
-#pki cert-show --output external_ca_chain.cert 0x1
+pki cert-show --output tmp/ca_signing.crt 0x1
+#pki cert-show --output cert_chain.p7b 0x1
 #### Admin Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caUserCert --csr-file ocsp_admin.csr --subject uid=ocspadmin | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caUserCert --csr-file tmp/ocsp_admin.csr --subject uid=ocspadmin | grep "Request ID:" | awk -F ': ' '{print $2;}'`
 echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
 echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_admin.cert $CERT_ID
+pki cert-show --output tmp/ocsp_admin.crt $CERT_ID
 #### OCSP Signing Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caOCSPSigningCert --csr-file ocsp_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caOCSPCert --csr-file tmp/ocsp_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
 echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
 echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_signing.cert $CERT_ID
+pki cert-show --output tmp/ocsp_signing.crt $CERT_ID
 #### Server Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caServerCert --csr-file ocsp_sslserver.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caServerCert --csr-file tmp/sslserver.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
 echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
 echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_sslserver.cert $CERT_ID
+pki cert-show --output tmp/sslserver.crt $CERT_ID
 #### Subsystem Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caSubsystemCert --csr-file ocsp_subsystem.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caSubsystemCert --csr-file tmp/subsystem.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
 echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
 echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_subsystem.cert $CERT_ID
+pki cert-show --output tmp/subsystem.crt $CERT_ID
 #### Audit Signing Cert ####
-REQUEST_ID=`pki ca-cert-request-submit --profile caSignedLogCert --csr-file ocsp_audit_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki ca-cert-request-submit --profile caSignedLogCert --csr-file tmp/ocsp_audit_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
 echo Request ID: $REQUEST_ID
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
 echo Certificate ID: $CERT_ID
-pki cert-show --output ocsp_audit_signing.cert $CERT_ID
+pki cert-show --output tmp/ocsp_audit_signing.crt $CERT_ID
diff --git a/scripts/ocsp-standalone-step1.sh b/scripts/ocsp-standalone-step1.sh
index 0d14be4..7cd161e 100755
--- a/scripts/ocsp-standalone-step1.sh
+++ b/scripts/ocsp-standalone-step1.sh
@@ -1,9 +1,42 @@
 #!/bin/sh -x
-pkispawn -v -f ocsp-standalone-step1.cfg -s OCSP
+mkdir -p tmp
-cp /etc/pki/pki-tomcat/ocsp_admin.csr .
-cp /etc/pki/pki-tomcat/ocsp_audit_signing.csr .
-cp /etc/pki/pki-tomcat/ocsp_signing.csr .
-cp /etc/pki/pki-tomcat/ocsp_sslserver.csr .
-cp /etc/pki/pki-tomcat/ocsp_subsystem.csr .
+cat > tmp/ocsp-standalone-step1.cfg << EOF
+[OCSP]
+pki_admin_email=ocspadmin@example.com
+pki_admin_name=ocspadmin
+pki_admin_nickname=ocspadmin
+pki_admin_password=Secret.123
+pki_admin_uid=ocspadmin
+
+#pki_backup_keys=True
+#pki_backup_password=Secret.123
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ocsp,dc=pki,dc=example,dc=com
+pki_ds_password=Secret.123
+pki_ds_database=ocsp
+
+pki_security_domain_name=EXAMPLE
+pki_token_password=Secret.123
+
+pki_standalone=True
+pki_external_step_two=False
+
+pki_signing_nickname=ocsp_signing
+pki_audit_signing_nickname=ocsp_audit_signing
+pki_ssl_server_nickname=sslserver
+pki_subsystem_nickname=subsystem
+
+pki_external_admin_csr_path=$PWD/tmp/ocsp_admin.csr
+pki_external_audit_signing_csr_path=$PWD/tmp/ocsp_audit_signing.csr
+pki_external_signing_csr_path=$PWD/tmp/ocsp_signing.csr
+pki_external_sslserver_csr_path=$PWD/tmp/sslserver.csr
+pki_external_subsystem_csr_path=$PWD/tmp/subsystem.csr
+EOF
+
+pkispawn -v -f tmp/ocsp-standalone-step1.cfg -s OCSP
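Review bot: Every rewritten approval line in ocsp-standalone-sign.sh still passes the client database password as an argument (`pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID`), so it shows up in the process list and in any `-x` trace. Reading it from a protected file with the client's password-file option (`-C`, if this version of the CLI has it) keeps it out of argv. The approval also runs on whatever grep/awk extracted, so a failed submit leaves `$REQUEST_ID` empty and the script carries on; a guard such as `[ -n "$REQUEST_ID" ] || exit 1` after each submit, plus quoting `"$REQUEST_ID"` and `"$CERT_ID"`, would stop it early. The script now writes under `tmp/` without creating it, so it presumably relies on step1 having been run from the same directory.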
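Review bot: The generated `tmp/ocsp-standalone-step1.cfg` holds the admin, directory-server, token, client-database and PKCS #12 passwords but is created with the caller's default umask, so on a typical system other local users can read it. Setting `umask 077` before `mkdir -p tmp` restricts both the directory and the file to the owner; a `chmod 600` after the heredoc would leave a short window. The heredoc added in ocsp-standalone-step2.sh has the same issue. There is also no error check between `mkdir`, `cat` and `pkispawn`, so if the write fails `pkispawn` is still started, possibly against a config left over from an earlier run; `set -e` near the top would cover that.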
diff --git a/scripts/ocsp-standalone-step2.sh b/scripts/ocsp-standalone-step2.sh
index fabf3a8..e2d5162 100755
--- a/scripts/ocsp-standalone-step2.sh
+++ b/scripts/ocsp-standalone-step2.sh
@@ -1,5 +1,7 @@
 #!/bin/sh -x
+mkdir -p tmp
+
 cp external_ca.cert /etc/pki/pki-tomcat
 cp external_ca_chain.cert /etc/pki/pki-tomcat
@@ -9,4 +11,43 @@ cp ocsp_sslserver.cert /etc/pki/pki-tomcat
 cp ocsp_subsystem.cert /etc/pki/pki-tomcat
 cp ocsp_audit_signing.cert /etc/pki/pki-tomcat
-pkispawn -v -f ocsp-standalone-step2.cfg -s OCSP
+cat > tmp/ocsp-standalone-step2.cfg << EOF
+[OCSP]
+pki_admin_email=ocspadmin@example.com
+pki_admin_name=ocspadmin
+pki_admin_nickname=ocspadmin
+pki_admin_password=Secret.123
+pki_admin_uid=ocspadmin
+
+#pki_backup_keys=True
+#pki_backup_password=Secret.123
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ocsp,dc=pki,dc=example,dc=com
+pki_ds_password=Secret.123
+pki_ds_database=ocsp
+
+pki_security_domain_name=EXAMPLE
+pki_token_password=Secret.123
+
+pki_standalone=True
+pki_external_step_two=True
+
+pki_audit_signing_nickname=ocsp_audit_signing
+pki_signing_nickname=ocsp_signing
+pki_ssl_server_nickname=sslserver
+pki_subsystem_nickname=subsystem
+
+pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b
+pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt
+pki_external_admin_cert_path=$PWD/tmp/ocsp_admin.crt
+pki_external_audit_signing_cert_path=$PWD/tmp/ocsp_audit_signing.crt
+pki_external_signing_cert_path=$PWD/tmp/ocsp_signing.crt
+pki_external_sslserver_cert_path=$PWD/tmp/sslserver.crt
+pki_external_subsystem_cert_path=$PWD/tmp/subsystem.crt
+EOF
+
+pkispawn -v -f tmp/ocsp-standalone-step2.cfg -s OCSP |
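Review bot: The new config reads the certificates from `$PWD/tmp/*.crt`, but the `cp external_ca.cert /etc/pki/pki-tomcat` … `cp ocsp_audit_signing.cert /etc/pki/pki-tomcat` lines kept as context still use the old file names, which ocsp-standalone-sign.sh no longer writes after this commit. With no `set -e` they either fail without stopping the script or copy stale certificates left from an earlier run into /etc/pki/pki-tomcat; some of these `cp` lines sit between the two hunks and are not visible here. Separately, `pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b` has no producer in this commit: the only command that would write the chain is commented out in sign.sh and targets `cert_chain.p7b` outside `tmp/`. Consider dropping the `cp` lines and either exporting the chain to `tmp/cert_chain.p7b` or removing that setting.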