summaryrefslogtreecommitdiffstats
path: root/scripts/ca-export.sh
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/ca-export.sh')
-rwxr-xr-xscripts/ca-export.sh33
1 files changed, 33 insertions, 0 deletions
diff --git a/scripts/ca-export.sh b/scripts/ca-export.sh
new file mode 100755
index 0000000..351f68f
--- /dev/null
+++ b/scripts/ca-export.sh
@@ -0,0 +1,33 @@
+#!/bin/sh -x
+
+grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > internal.txt
+#PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p internal.txt -w password.txt -o ca_backup_keys.p12
+PKCS12Export -d /var/lib/pki/pki-tomcat/alias -p internal.txt -w password.txt -o ca_backup_keys.p12
+
+pki pkcs12-cert-find --pkcs12-file ca_backup_keys.p12 --pkcs12-password-file password.txt
+pki pkcs12-key-find --pkcs12-file ca_backup_keys.p12 --pkcs12-password-file password.txt
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_signing.csr
+sed -n "/^ca.signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_signing.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_ocsp_signing.csr
+sed -n "/^ca.ocsp_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_ocsp_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_ocsp_signing.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > sslserver.csr
+sed -n "/^ca.sslserver.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> sslserver.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> sslserver.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > subsystem.csr
+sed -n "/^ca.subsystem.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> subsystem.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> subsystem.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_audit_signing.csr
+sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_audit_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_audit_signing.csr
+
+#pki-server ca-clone-prepare --pkcs12-file ca_backup_keys.p12 --pkcs12-password-file password.txt
+
+cp ~/.dogtag/pki-tomcat/ca_admin.cert .
+cp ~/.dogtag/pki-tomcat/ca_admin_cert.p12 .
generated by cgit (git 2.34.1) at 2024-04-28 17:52:41 +0000