diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-30 01:34:27 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-30 01:34:27 -0500 |
| commit | c4e668243ec3db04e950d3423086810bd04be735 (patch) | |
| tree | 9cc61d7b063fc0c1a395b7139403932efc40901d /scripts | |
| parent | 40f09cbe1200fceea6943a9da274d9f9b249650a (diff) | |
| download | pki-dev-c4e668243ec3db04e950d3423086810bd04be735.tar.gz pki-dev-c4e668243ec3db04e950d3423086810bd04be735.tar.xz pki-dev-c4e668243ec3db04e950d3423086810bd04be735.zip | |
Added merged instance configuration.
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/ca-merged-create.sh | 2 | ||||
| -rwxr-xr-x | scripts/kra-merged-create.sh | 2 | ||||
| -rwxr-xr-x | scripts/merged-certs.sh | 5 | ||||
| -rw-r--r-- | scripts/merged.cfg | 263 |
4 files changed, 270 insertions, 2 deletions
diff --git a/scripts/ca-merged-create.sh b/scripts/ca-merged-create.sh index 615ae67..b44538e 100755 --- a/scripts/ca-merged-create.sh +++ b/scripts/ca-merged-create.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -pkispawn -f ca-merged.cfg -s CA -v 2>&1 | tee build/ca-merged-create.log +pkispawn -f merged.cfg -s CA -v 2>&1 | tee build/ca-merged-create.log diff --git a/scripts/kra-merged-create.sh b/scripts/kra-merged-create.sh index 47f0932..91c3810 100755 --- a/scripts/kra-merged-create.sh +++ b/scripts/kra-merged-create.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -pkispawn -f kra-merged.cfg -s KRA -v 2>&1 | tee build/kra-merged-create.log +pkispawn -f merged.cfg -s KRA -v 2>&1 | tee build/kra-merged-create.log diff --git a/scripts/merged-certs.sh b/scripts/merged-certs.sh new file mode 100755 index 0000000..2ab4c82 --- /dev/null +++ b/scripts/merged-certs.sh @@ -0,0 +1,5 @@ +#!/bin/sh -x + +INSTANCE_NAME=master + +certutil -L -d /var/lib/pki/$INSTANCE_NAME/alias diff --git a/scripts/merged.cfg b/scripts/merged.cfg new file mode 100644 index 0000000..cd4073a --- /dev/null +++ b/scripts/merged.cfg @@ -0,0 +1,263 @@ +############################################################################### +## 'Sensitive' Data: ## +## ## +## Values in this section pertain to various PKI subsystems, and contain ## +## required 'sensitive' information which MUST ALWAYS be provided by users. ## +## ## +## IMPORTANT: Sensitive data values must NEVER be displayed to the ## +## console NOR stored in log files!!! ## +############################################################################### +[Sensitive] +pki_admin_password=Secret123 +pki_backup_password=Secret123 +pki_client_database_password=Secret123 +pki_client_pkcs12_password=Secret123 +pki_clone_pkcs12_password=Secret123 +pki_ds_password=Secret123 +pki_security_domain_password=Secret123 +pki_token_password=Secret123 +############################################################################### +## 'Common' Data: ## +## ## +## Values in this section are common to more than one PKI subsystem, and ## +## contain required information which MAY be overridden by users as ## +## necessary. ## +## ## +## NOTE: Default values will be generated for any and all required ## +## 'common' data values which are left undefined. ## +############################################################################### +[Common] +pki_admin_cert_request_type=crmf +pki_admin_domain_name= +pki_admin_dualkey=False +pki_admin_keysize=2048 +pki_audit_group=pkiaudit +pki_audit_signing_key_algorithm=SHA256withRSA +pki_audit_signing_key_size=2048 +pki_audit_signing_key_type=rsa +pki_audit_signing_nickname= +pki_audit_signing_signing_algorithm=SHA256withRSA +pki_audit_signing_subject_dn= +pki_audit_signing_token= +pki_backup_keys=False +pki_client_database_dir= +pki_client_database_purge=True +pki_client_dir= +pki_ds_bind_dn=cn=Directory Manager +pki_ds_database= +pki_ds_hostname= +pki_ds_ldap_port=389 +pki_ds_ldaps_port=636 +pki_ds_remove_data=True +pki_ds_secure_connection=False +pki_group=pkiuser +pki_issuing_ca= +pki_restart_configured_instance=True +pki_security_domain_hostname= +pki_security_domain_https_port=8443 +pki_security_domain_name= +pki_security_domain_user= +pki_skip_configuration=False +pki_skip_installation=False +pki_ssl_server_key_algorithm=SHA256withRSA +pki_ssl_server_key_size=2048 +pki_ssl_server_key_type=rsa +pki_ssl_server_nickname= +pki_ssl_server_subject_dn= +pki_ssl_server_token= +pki_subsystem_key_algorithm=SHA256withRSA +pki_subsystem_key_size=2048 +pki_subsystem_key_type=rsa +pki_subsystem_nickname= +pki_subsystem_subject_dn= +pki_subsystem_token= +pki_token_name=internal +pki_user=pkiuser +############################################################################### +## 'Apache' Data: ## +## ## +## Values in this section are common to PKI subsystems that run ## +## as an instance of 'Apache' (RA and TPS subsystems), and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[Apache] +pki_instance_name=pki-apache +pki_http_port=80 +pki_https_port=443 +############################################################################### +## 'Tomcat' Data: ## +## ## +## Values in this section are common to PKI subsystems that run ## +## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## +## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## +## required information which MAY be overridden by users as necessary. ## +## ## +## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## +## or a 'TKS Clone', change the value of 'pki_clone' ## +## from 'False' to 'True'. ## +## ## +## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## +## are MUTUALLY EXCLUSIVE entities!!! ## +############################################################################### +[Tomcat] +pki_ajp_port=8009 +pki_clone=False +pki_clone_pkcs12_path= +pki_clone_replicate_schema=True +pki_clone_replication_master_port= +pki_clone_replication_clone_port= +pki_clone_replication_security=None +pki_clone_uri= +pki_enable_java_debugger=False +pki_enable_proxy=False +pki_http_port=8080 +pki_https_port=8443 +pki_instance_name=master +pki_proxy_http_port=80 +pki_proxy_https_port=443 +pki_security_manager=true +pki_tomcat_server_port=8005 +############################################################################### +## 'CA' Data: ## +## ## +## Values in this section are common to CA subsystems including 'PKI CAs', ## +## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## +## required information which MAY be overridden by users as necessary. ## +## ## +## EXTERNAL CAs: To specify an 'External CA', change the value ## +## of 'pki_external' from 'False' to 'True'. ## +## ## +## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## +## of 'pki_subordinate' from 'False' to 'True'. ## +## ## +## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## +## are MUTUALLY EXCLUSIVE entities!!! ## +############################################################################### +[CA] +pki_admin_email=ca_admin@example.com +pki_admin_name=CA Admin +pki_admin_nickname=ca-admin +pki_admin_subject_dn=cn=CA Admin,dc=ca,dc=example,dc=com +pki_admin_uid=ca_admin +pki_ca_signing_key_algorithm=SHA256withRSA +pki_ca_signing_key_size=2048 +pki_ca_signing_key_type=rsa +pki_ca_signing_nickname= +pki_ca_signing_signing_algorithm=SHA256withRSA +pki_ca_signing_subject_dn= +pki_ca_signing_token= +pki_ds_base_dn=dc=ca,dc=example,dc=com +pki_external=False +pki_external_ca_cert_chain_path= +pki_external_ca_cert_path= +pki_external_csr_path= +pki_external_step_two=False +pki_ocsp_signing_key_algorithm=SHA256withRSA +pki_ocsp_signing_key_size=2048 +pki_ocsp_signing_key_type=rsa +pki_ocsp_signing_nickname= +pki_ocsp_signing_signing_algorithm=SHA256withRSA +pki_ocsp_signing_subject_dn= +pki_ocsp_signing_token= +pki_subordinate=False +pki_subsystem=CA +pki_subsystem_name= +############################################################################### +## 'KRA' Data: ## +## ## +## Values in this section are common to KRA subsystems ## +## including 'PKI KRAs' and 'Cloned KRAs', and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[KRA] +pki_admin_email=kra_admin@example.com +pki_admin_name=KRA Admin +pki_admin_nickname=kra-admin +pki_admin_subject_dn=cn=KRA Admin,dc=kra,dc=example,dc=com +pki_admin_uid=kra_admin +pki_ds_base_dn=dc=kra,dc=example,dc=com +pki_storage_key_algorithm=SHA256withRSA +pki_storage_key_size=2048 +pki_storage_key_type=rsa +pki_storage_nickname= +pki_storage_signing_algorithm=SHA256withRSA +pki_storage_subject_dn= +pki_storage_token= +pki_subsystem=KRA +pki_subsystem_name= +pki_transport_key_algorithm=SHA256withRSA +pki_transport_key_size=2048 +pki_transport_key_type=rsa +pki_transport_nickname= +pki_transport_signing_algorithm=SHA256withRSA +pki_transport_subject_dn= +pki_transport_token= +############################################################################### +## 'OCSP' Data: ## +## ## +## Values in this section are common to OCSP subsystems ## +## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[OCSP] +pki_admin_email=ocsp_admin@example.com +pki_admin_name=OCSP Admin +pki_admin_nickname=ocsp-admin +pki_admin_subject_dn=cn=OCSP Admin,dc=ocsp,dc=example,dc=com +pki_admin_uid=ocsp_admin +pki_ds_base_dn=dc=ocsp,dc=example,dc=com +pki_ocsp_signing_key_algorithm=SHA256withRSA +pki_ocsp_signing_key_size=2048 +pki_ocsp_signing_key_type=rsa +pki_ocsp_signing_nickname= +pki_ocsp_signing_signing_algorithm=SHA256withRSA +pki_ocsp_signing_subject_dn= +pki_ocsp_signing_token= +pki_subsystem=OCSP +pki_subsystem_name= +############################################################################### +## 'RA' Data: ## +## ## +## Values in this section are common to PKI RA subsystems, and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[RA] +pki_admin_email=ra_admin@example.com +pki_admin_name=RA Admin +pki_admin_nickname=ra-admin +pki_admin_subject_dn=cn=RA Admin,dc=ra,dc=example,dc=com +pki_admin_uid=ra_admin +pki_ds_base_dn=dc=ra,dc=example,dc=com +pki_subsystem=RA +pki_subsystem_name= +############################################################################### +## 'TKS' Data: ## +## ## +## Values in this section are common to TKS subsystems ## +## including 'PKI TKSs' and 'Cloned TKSs', and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[TKS] +pki_admin_email=tks_admin@example.com +pki_admin_name=TKS Admin +pki_admin_nickname=tks-admin +pki_admin_subject_dn=cn=TKS Admin,dc=tks,dc=example,dc=com +pki_admin_uid=tks_admin +pki_ds_base_dn=dc=tks,dc=example,dc=com +pki_subsystem=TKS +pki_subsystem_name= +############################################################################### +## 'TPS' Data: ## +## ## +## Values in this section are common to PKI TPS subsystems, and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[TPS] +pki_admin_email=tps_admin@example.com +pki_admin_name=TPS Admin +pki_admin_nickname=tps-admin +pki_admin_subject_dn=cn=TPS Admin,dc=tps,dc=example,dc=com +pki_admin_uid=tps_admin +pki_ds_base_dn=dc=tps,dc=example,dc=com +pki_subsystem=TPS +pki_subsystem_name= |