authorEndi S. Dewata <edewata@redhat.com>2017-07-20 08:00:56 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-07-20 08:00:56 +0200
commitf0f39288d640a0b0a755c49fdc08f1219c386ca7 (patch)
tree2ee3c2c647246c72100407a08cf865e81071fdaa /scripts
parent1e99e99968569712fcc6975e37f07e1c351b6d53 (diff)
Added existing CA scripts.
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/existing-hsm-create.sh27
-rwxr-xr-xscripts/existing-hsm-export.sh34
-rwxr-xr-xscripts/existing-nss-export.sh7
-rwxr-xr-xscripts/existing-nss-step1.sh5
-rwxr-xr-xscripts/existing-nss-step2.sh15
-rwxr-xr-xscripts/existing-step1-p12.sh3
-rwxr-xr-xscripts/existing-step2-p12.sh23
-rwxr-xr-xscripts/existing-step2.sh4
8 files changed, 115 insertions, 3 deletions
diff --git a/scripts/existing-hsm-create.sh b/scripts/existing-hsm-create.sh
new file mode 100755
index 0000000..9ab138e
--- /dev/null
+++ b/scripts/existing-hsm-create.sh
@@ -0,0 +1,27 @@
+#!/bin/sh -x
+
+rm -rf /tmp/ca_signing.csr
+rm -rf /tmp/ca_signing.crt
+rm -rf /tmp/ca_ocsp_signing.csr
+rm -rf /tmp/ca_ocsp_signing.crt
+rm -rf /tmp/ca_audit_signing.csr
+rm -rf /tmp/ca_audit_signing.crt
+rm -rf /tmp/subsystem.csr
+rm -rf /tmp/subsystem.crt
+rm -rf /tmp/sslserver.csr
+rm -rf /tmp/sslserver.crt
+rm -rf /tmp/external.crt
+
+/bin/cp ca_signing.csr /tmp
+/bin/cp ca_signing.crt /tmp
+/bin/cp ca_ocsp_signing.csr /tmp
+/bin/cp ca_ocsp_signing.crt /tmp
+/bin/cp ca_audit_signing.csr /tmp
+/bin/cp ca_audit_signing.crt /tmp
+/bin/cp subsystem.csr /tmp
+/bin/cp subsystem.crt /tmp
+/bin/cp sslserver.csr /tmp
+/bin/cp sslserver.crt /tmp
+/bin/cp external.crt /tmp
+
+pkispawn -v -f existing-hsm.cfg -s CA
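Review bot: The certificates and CSRs are staged under fixed names in world-writable `/tmp`, and the script has no `set -e`, so a failed `/bin/cp` still lets `pkispawn` run against whatever already sits at that path. Between each `rm -rf` and `/bin/cp` another local user can create the name first; root's copy then lands in a file that user still owns and can alter before it is read, which matters for `external.crt` and `ca_signing.crt` if they end up in the new CA's chain. Staging in a `mktemp -d` directory, with `existing-hsm.cfg` pointed at it (assuming the cfg is what names the `/tmp` paths), and adding `set -e` after the shebang would close both gaps. The same staging pattern appears in `existing-nss-step1.sh`, `existing-nss-step2.sh` and `existing-step2-p12.sh`.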
diff --git a/scripts/existing-hsm-export.sh b/scripts/existing-hsm-export.sh
new file mode 100755
index 0000000..7003ef6
--- /dev/null
+++ b/scripts/existing-hsm-export.sh
@@ -0,0 +1,34 @@
+#!/bin/sh -x
+
+rm -rf ca_signing.csr
+rm -rf ca_ocsp_signing.csr
+rm -rf ca_audit_signing.csr
+rm -rf subsystem.csr
+rm -rf sslserver.csr
+
+
+certutil -L -d /var/lib/pki/pki-tomcat/alias -n "edewata/pki-tomcat/ca_signing" -a > ca_signing.crt
+#certutil -L -d /var/lib/pki/pki-tomcat/alias -n "edewata/pki-tomcat/ca_ocsp_signing" -a > ca_ocsp_signing.crt
+#certutil -L -d /var/lib/pki/pki-tomcat/alias -n "edewata/pki-tomcat/ca_audit_signing" -a > ca_audit_signing.crt
+#certutil -L -d /var/lib/pki/pki-tomcat/alias -n "edewata/pki-tomcat/subsystem" -a > subsystem.crt
+#certutil -L -d /var/lib/pki/pki-tomcat/alias -n "edewata/pki-tomcat/sslserver" -a > sslserver.crt
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_signing.csr
+sed -n "/^ca.signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_signing.csr
+
+#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_ocsp_signing.csr
+#sed -n "/^ca.ocsp_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_ocsp_signing.csr
+#echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_ocsp_signing.csr
+
+#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_audit_signing.csr
+#sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_audit_signing.csr
+#echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_audit_signing.csr
+
+#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > subsystem.csr
+#sed -n "/^ca.subsystem.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> subsystem.csr
+#echo "-----END NEW CERTIFICATE REQUEST-----" >> subsystem.csr
+
+#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > sslserver.csr
+#sed -n "/^ca.sslserver.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> sslserver.csr
+#echo "-----END NEW CERTIFICATE REQUEST-----" >> sslserver.csr
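Review bot: When `CS.cfg` has no `ca.signing.certreq=` line the `sed -n` prints nothing and still exits 0, so `ca_signing.csr` ends up as a BEGIN/END pair with no body and the script reports success. A guard before the `echo` lines, such as `grep -q '^ca.signing.certreq=' /var/lib/pki/pki-tomcat/ca/conf/CS.cfg || exit 1`, would fail early instead. The `certutil -L` redirect has the same shape: on failure it leaves an empty `ca_signing.crt`, so its exit status is worth checking (`certutil ... > ca_signing.crt || exit 1`). The nickname prefix `edewata/` is hard-coded, presumably an HSM token name; a variable at the top of the script would make that explicit.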
diff --git a/scripts/existing-nss-export.sh b/scripts/existing-nss-export.sh
new file mode 100755
index 0000000..07008f7
--- /dev/null
+++ b/scripts/existing-nss-export.sh
@@ -0,0 +1,7 @@
+#!/bin/sh -x
+
+grep internal= /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2;}' > internal.txt
+
+tar chzvf nssdb.tar.gz -C /var/lib/pki/pki-tomcat/alias .
+
+pki-server subsystem-cert-export ca signing --csr-file ca_signing.csr
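Review bot: `internal.txt` receives the NSS internal-token password and `nssdb.tar.gz` the whole contents of the `alias` database directory, and both are created with the caller's default umask, which typically leaves them readable by other local users. Adding `umask 077` right after the shebang makes both owner-only. The `grep internal=` pattern is unanchored and matches any line that merely contains that text, and `awk -F= '{print $2;}'` truncates a password that itself contains `=`. Anchoring the match and taking everything after the first `=`, e.g. `sed -n 's/^internal=//p'`, handles both.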
diff --git a/scripts/existing-nss-step1.sh b/scripts/existing-nss-step1.sh
new file mode 100755
index 0000000..8feccf3
--- /dev/null
+++ b/scripts/existing-nss-step1.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -x
+
+rm -rf /tmp/ca_signing.csr
+
+pkispawn -v -f existing-nss-step1.cfg -s CA
diff --git a/scripts/existing-nss-step2.sh b/scripts/existing-nss-step2.sh
new file mode 100755
index 0000000..ae7c040
--- /dev/null
+++ b/scripts/existing-nss-step2.sh
@@ -0,0 +1,15 @@
+#!/bin/sh -x
+
+/bin/cp -f ca_signing.csr /tmp
+/bin/cp -f internal.txt /tmp
+/bin/cp -f nssdb.tar.gz /tmp
+
+sed -i "s/internal=.*/internal=`cat /tmp/internal.txt`/" /var/lib/pki/pki-tomcat/conf/password.conf
+
+tar xvf /tmp/nssdb.tar.gz -C /var/lib/pki/pki-tomcat/alias
+#certutil -F -d /var/lib/pki/pki-tomcat/alias -f /tmp/internal.txt -n "Server-Cert cert-pki-tomcat"
+certutil -F -d /var/lib/pki/pki-tomcat/alias -f /tmp/internal.txt -n "subsystemCert cert-pki-tomcat"
+certutil -F -d /var/lib/pki/pki-tomcat/alias -f /tmp/internal.txt -n "ocspSigningCert cert-pki-tomcat CA"
+certutil -F -d /var/lib/pki/pki-tomcat/alias -f /tmp/internal.txt -n "auditSigningCert cert-pki-tomcat CA"
+
+pkispawn -v -f existing-nss-step2.cfg -s CA
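Review bot: The NSS internal-token password and the key database archive are copied to `/tmp/internal.txt` and `/tmp/nssdb.tar.gz` with the default umask, so on a shared host other local users can read them, and nothing removes the copies afterwards. In the visible lines only this script reads those two files, so the copies can be dropped and the originals used in place (`tar xvf nssdb.tar.gz -C /var/lib/pki/pki-tomcat/alias`, `certutil -F ... -f internal.txt`); if staging is kept, set `umask 077` first and delete the copies at the end. The `sed -i` line also expands the password into its own command line, which `#!/bin/sh -x` echoes to stderr and which the process list can expose. The substitution breaks if the password contains `/`, `&` or `\`. Wrapping that line in `set +x` / `set -x` stops the trace leak, but keeping the password out of argv and handling those characters needs the `sed` call replaced.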
diff --git a/scripts/existing-step1-p12.sh b/scripts/existing-step1-p12.sh
new file mode 100755
index 0000000..9bb61a7
--- /dev/null
+++ b/scripts/existing-step1-p12.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+pkispawn -v -f existing-step1-p12.cfg -s CA
diff --git a/scripts/existing-step2-p12.sh b/scripts/existing-step2-p12.sh
new file mode 100755
index 0000000..c169960
--- /dev/null
+++ b/scripts/existing-step2-p12.sh
@@ -0,0 +1,23 @@
+#!/bin/sh -x
+
+rm -rf /tmp/ca.p12
+rm -rf /tmp/external.crt
+rm -rf /tmp/ca_signing.csr
+rm -rf /tmp/ca_ocsp_signing.csr
+rm -rf /tmp/ca_audit_signing.csr
+rm -rf /tmp/sslserver.csr
+rm -rf /tmp/subsystem.csr
+
+/bin/cp ca.p12 /tmp
+/bin/cp external.crt /tmp
+/bin/cp ca_signing.csr /tmp
+/bin/cp ca_ocsp_signing.csr /tmp
+/bin/cp ca_audit_signing.csr /tmp
+/bin/cp sslserver.csr /tmp
+/bin/cp subsystem.csr /tmp
+
+#/bin/cp -f ca_signing.csr /tmp
+#/bin/cp -f ca_signing.p12 /tmp
+#/bin/cp -f cert_chain.p7b /tmp
+
+pkispawn -v -f existing-step2-p12.cfg -s CA
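Review bot: `ca.p12` presumably holds the existing CA's signing key, and `/bin/cp ca.p12 /tmp` places it in `/tmp` with the default umask and leaves it there after `pkispawn` returns. Using `install -m 600 ca.p12 /tmp/ca.p12` in place of the copy, plus `rm -f /tmp/ca.p12` after the `pkispawn` line, limits the exposure to the duration of the run. The context lines of `existing-step2.sh` show the same `/bin/cp -f ca.p12 /tmp`. The three commented-out `/bin/cp -f` lines near the end look like leftovers from an earlier variant and could be dropped or explained.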
diff --git a/scripts/existing-step2.sh b/scripts/existing-step2.sh
index 079d2c9..fd8a96d 100755
--- a/scripts/existing-step2.sh
+++ b/scripts/existing-step2.sh
@@ -1,8 +1,6 @@
#!/bin/sh -x
-mkdir -p build
-
/bin/cp -f ca_signing.csr /tmp
/bin/cp -f ca.p12 /tmp
-pkispawn -v -f existing-step2.cfg -s CA 2>&1 | tee build/existing-step2.log
+pkispawn -v -f existing-step2.cfg -s CA