diff options
Diffstat (limited to 'scripts/ca-export.sh')
-rwxr-xr-x | scripts/ca-export.sh | 46 |
1 files changed, 23 insertions, 23 deletions
diff --git a/scripts/ca-export.sh b/scripts/ca-export.sh index 351f68f..da2ce2d 100755 --- a/scripts/ca-export.sh +++ b/scripts/ca-export.sh @@ -1,33 +1,33 @@ #!/bin/sh -x -grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > internal.txt -#PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p internal.txt -w password.txt -o ca_backup_keys.p12 -PKCS12Export -d /var/lib/pki/pki-tomcat/alias -p internal.txt -w password.txt -o ca_backup_keys.p12 +grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > tmp/internal.txt +#PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca-certs.p12 +PKCS12Export -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca-certs.p12 -pki pkcs12-cert-find --pkcs12-file ca_backup_keys.p12 --pkcs12-password-file password.txt -pki pkcs12-key-find --pkcs12-file ca_backup_keys.p12 --pkcs12-password-file password.txt +pki pkcs12-cert-find --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt +pki pkcs12-key-find --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt -echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_signing.csr -sed -n "/^ca.signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_signing.csr -echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_signing.csr +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/ca_signing.csr +sed -n "/^ca.signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/ca_signing.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/ca_signing.csr -echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_ocsp_signing.csr -sed -n "/^ca.ocsp_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_ocsp_signing.csr -echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_ocsp_signing.csr +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/ca_ocsp_signing.csr +sed -n "/^ca.ocsp_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/ca_ocsp_signing.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/ca_ocsp_signing.csr -echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > sslserver.csr -sed -n "/^ca.sslserver.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> sslserver.csr -echo "-----END NEW CERTIFICATE REQUEST-----" >> sslserver.csr +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/sslserver.csr +sed -n "/^ca.sslserver.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/sslserver.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/sslserver.csr -echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > subsystem.csr -sed -n "/^ca.subsystem.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> subsystem.csr -echo "-----END NEW CERTIFICATE REQUEST-----" >> subsystem.csr +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/subsystem.csr +sed -n "/^ca.subsystem.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/subsystem.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/subsystem.csr -echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_audit_signing.csr -sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_audit_signing.csr -echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_audit_signing.csr +echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/ca_audit_signing.csr +sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/ca_audit_signing.csr +echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/ca_audit_signing.csr -#pki-server ca-clone-prepare --pkcs12-file ca_backup_keys.p12 --pkcs12-password-file password.txt +#pki-server ca-clone-prepare --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt -cp ~/.dogtag/pki-tomcat/ca_admin.cert . -cp ~/.dogtag/pki-tomcat/ca_admin_cert.p12 . +cp ~/.dogtag/pki-tomcat/ca_admin.cert tmp +cp ~/.dogtag/pki-tomcat/ca_admin_cert.p12 tmp |