-rwxr-xr-xscripts/ca-create.sh2
-rwxr-xr-xscripts/ca-debug.sh7
-rwxr-xr-xscripts/ca-remove.sh4
-rw-r--r--scripts/ca.cfg5
-rwxr-xr-xscripts/cert-request-approve.sh10
-rwxr-xr-xscripts/cert-request-review.sh2
-rw-r--r--scripts/kra.cfg5
-rwxr-xr-xscripts/nuke.sh2
-rw-r--r--scripts/ocsp.cfg5
-rw-r--r--scripts/tks.cfg5
10 files changed, 32 insertions, 15 deletions
diff --git a/scripts/ca-create.sh b/scripts/ca-create.sh
index ac9896b..73d0e83 100755
--- a/scripts/ca-create.sh
+++ b/scripts/ca-create.sh
@@ -1,3 +1,3 @@
#!/bin/sh -x
-pkispawn -f ca.cfg -s CA -v 2>&1 | tee build/ca-create.log
+pkispawn -f ca.cfg -s CA 2>&1 | tee build/ca-create.log
diff --git a/scripts/ca-debug.sh b/scripts/ca-debug.sh
new file mode 100755
index 0000000..0d4439e
--- /dev/null
+++ b/scripts/ca-debug.sh
@@ -0,0 +1,7 @@
+#!/bin/sh -x
+
+INSTANCE_NAME=ca-master
+FILE=/etc/sysconfig/ca-master
+
+sed 's/#\(JAVA_OPTS="-Xdebug.*\)/\1/' < $FILE > $FILE.tmp
+mv $FILE.tmp $FILE
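Review bot: The `mv` runs even when `sed` exits non-zero, so a failed or partial rewrite still replaces /etc/sysconfig/ca-master; chain the two and quote the variable, `sed '…' < "$FILE" > "$FILE.tmp" && mv "$FILE.tmp" "$FILE"`. The replacement file is created with the caller's umask and ownership, so the original's mode, owner and any SELinux label are not carried over. `INSTANCE_NAME` is set but never used; `FILE=/etc/sysconfig/$INSTANCE_NAME` would keep the two in step. The line being uncommented (`JAVA_OPTS="-Xdebug…`) presumably opens a JVM debug listener, which has no authentication, so a header comment such as `# Enables the JVM debugger for the CA instance - test hosts only; confirm the listener is bound to localhost` would help the next reader.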
diff --git a/scripts/ca-remove.sh b/scripts/ca-remove.sh
index 1177995..b8719f2 100755
--- a/scripts/ca-remove.sh
+++ b/scripts/ca-remove.sh
@@ -1,6 +1,6 @@
-#!/bin/sh -x
+#!/bin/sh
SRC_DIR=`cd ../.. ; pwd`
INSTANCE_NAME=ca-master
-pkidestroy -v -s CA -i $INSTANCE_NAME
+pkidestroy -s CA -i $INSTANCE_NAME
diff --git a/scripts/ca.cfg b/scripts/ca.cfg
index e6a69b5..a6ee869 100644
--- a/scripts/ca.cfg
+++ b/scripts/ca.cfg
@@ -1,3 +1,7 @@
+[DEFAULT]
+pki_instance_name=ca-master
+#pki_skip_configuration=True
+
[CA]
pki_admin_email=caadmin@example.com
pki_admin_name=caadmin
@@ -13,7 +17,6 @@ pki_ds_base_dn=dc=ca,dc=example,dc=com
pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=ca
pki_ds_password=Secret123
-pki_instance_name=ca-master
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
pki_security_domain_password=Secret123
diff --git a/scripts/cert-request-approve.sh b/scripts/cert-request-approve.sh
index f360323..d0c46ae 100755
--- a/scripts/cert-request-approve.sh
+++ b/scripts/cert-request-approve.sh
@@ -1,14 +1,10 @@
#!/bin/sh
-INPUT=$1
-
-if [ "$INPUT" == "" ]; then
- INPUT=cert-request-review.xml
-fi
+REQUEST_ID=$1
SRC_DIR=`cd ../.. ; pwd`
INSTANCE_NAME=ca-master
-CLIENT_CERT_DIR=$HOME/.pki/${INSTANCE_NAME}_ca/alias
+CLIENT_CERT_DIR=$HOME/.pki/${INSTANCE_NAME}/ca/alias
# Approve request as an agent
-pki -d $CLIENT_CERT_DIR -w Secret123 -n caadmin cert-request-approve "$INPUT"
+pki -d $CLIENT_CERT_DIR -w Secret123 -n caadmin cert-request-review "$REQUEST_ID" --action approve
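Review bot: `REQUEST_ID=$1` is used without a check, so running the script with no argument now sends an empty request id to `cert-request-review --action approve`, where the old code fell back to a default file; fail early with `REQUEST_ID=${1:?usage: cert-request-approve.sh <request-id>}`. `$CLIENT_CERT_DIR` on the `pki` line is unquoted and splits if `$HOME` contains whitespace. The password is passed with `-w` on the command line, where it shows up in the process list for the lifetime of the call; a comment stating that this value is for a disposable test instance only would make the intent explicit.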
diff --git a/scripts/cert-request-review.sh b/scripts/cert-request-review.sh
index e3184be..e636611 100755
--- a/scripts/cert-request-review.sh
+++ b/scripts/cert-request-review.sh
@@ -9,7 +9,7 @@ fi
SRC_DIR=`cd ../.. ; pwd`
INSTANCE_NAME=ca-master
-CLIENT_CERT_DIR=$HOME/.pki/${INSTANCE_NAME}_ca/alias
+CLIENT_CERT_DIR=$HOME/.pki/${INSTANCE_NAME}/ca/alias
# Review request as an agent
pki -d $CLIENT_CERT_DIR -w Secret123 -n caadmin cert-request-review "$REQUEST_ID" --output "$OUTPUT"
diff --git a/scripts/kra.cfg b/scripts/kra.cfg
index cdce543..7d18b66 100644
--- a/scripts/kra.cfg
+++ b/scripts/kra.cfg
@@ -1,5 +1,9 @@
+[DEFAULT]
+pki_instance_name=kra-master
+
[KRA]
pki_ajp_port=12009
+pki_admin_cert_file=/root/.pki/ca-master/ca_admin.cert
pki_admin_email=kraadmin@example.com
pki_admin_name=kraadmin
pki_admin_nickname=kraadmin
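Review bot: The added `pki_admin_cert_file=/root/.pki/ca-master/ca_admin.cert` hard-codes both root's home directory and the CA instance name, while the shell scripts in this commit derive the client directory from `$HOME` and `INSTANCE_NAME`; spawning this subsystem as another user or against a differently named CA will presumably fail on a missing file. The same line is added in scripts/ocsp.cfg and scripts/tks.cfg. A comment above it would record the dependency, e.g. `# Admin cert exported when ca-master was created; the CA must be spawned first on this host`.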
@@ -15,7 +19,6 @@ pki_ds_database=kra
pki_ds_password=Secret123
pki_http_port=12080
pki_https_port=12443
-pki_instance_name=kra-master
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
pki_security_domain_password=Secret123
diff --git a/scripts/nuke.sh b/scripts/nuke.sh
index 3634d0f..b2949ba 100755
--- a/scripts/nuke.sh
+++ b/scripts/nuke.sh
@@ -9,6 +9,8 @@ fi
echo "Deleting instance $INSTANCE_NAME"
+ps -ef | grep catalina.base=/var/lib/pki/$INSTANCE_NAME | grep -v grep | awk '{print $2}' | xargs kill -9
+
rm -rf /etc/pki/$INSTANCE_NAME
rm -rf /etc/sysconfig/$INSTANCE_NAME
rm -rf /etc/sysconfig/pki/tomcat/$INSTANCE_NAME
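Review bot: The added `ps -ef | grep catalina.base=/var/lib/pki/$INSTANCE_NAME` line matches by prefix and leaves the variable unquoted, so a name that is a prefix of another instance's name selects that instance's JVM as well, and an empty name would select every instance under /var/lib/pki. When nothing matches, GNU xargs still runs `kill -9` with no PID and prints a usage error; `xargs -r` avoids that. Sending SIGKILL first gives Tomcat no chance to shut down cleanly; something like `pkill -f -- "catalina.base=/var/lib/pki/$INSTANCE_NAME "` sends TERM by default and bounds the match, with KILL kept as a fallback. The check that ends at the `fi` above the hunk is outside the visible lines, so whether it rejects an empty `INSTANCE_NAME` cannot be confirmed from here.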
diff --git a/scripts/ocsp.cfg b/scripts/ocsp.cfg
index c845f99..ff211a4 100644
--- a/scripts/ocsp.cfg
+++ b/scripts/ocsp.cfg
@@ -1,5 +1,9 @@
+[DEFAULT]
+pki_instance_name=ocsp-master
+
[OCSP]
pki_ajp_port=15009
+pki_admin_cert_file=/root/.pki/ca-master/ca_admin.cert
pki_admin_email=ocspadmin@example.com
pki_admin_name=ocspadmin
pki_admin_nickname=ocspadmin
@@ -15,7 +19,6 @@ pki_ds_database=ocsp
pki_ds_password=Secret123
pki_http_port=15080
pki_https_port=15443
-pki_instance_name=ocsp-master
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
pki_security_domain_password=Secret123
diff --git a/scripts/tks.cfg b/scripts/tks.cfg
index 325c13f..73f9e10 100644
--- a/scripts/tks.cfg
+++ b/scripts/tks.cfg
@@ -1,5 +1,9 @@
+[DEFAULT]
+pki_instance_name=tks-master
+
[TKS]
pki_ajp_port=14009
+pki_admin_cert_file=/root/.pki/ca-master/ca_admin.cert
pki_admin_email=tksadmin@example.com
pki_admin_name=tksadmin
pki_admin_nickname=tksadmin
@@ -15,7 +19,6 @@ pki_clone_pkcs12_password=Secret123
pki_ds_password=Secret123
pki_http_port=14080
pki_https_port=14443
-pki_instance_name=tks-master
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
pki_security_domain_password=Secret123