diff options
Diffstat (limited to 'scripts/ca-external-step1.sh')
-rwxr-xr-x | scripts/ca-external-step1.sh | 102 |
1 files changed, 76 insertions, 26 deletions
diff --git a/scripts/ca-external-step1.sh b/scripts/ca-external-step1.sh index 19eca2b..a9d6df9 100755 --- a/scripts/ca-external-step1.sh +++ b/scripts/ca-external-step1.sh @@ -1,28 +1,78 @@ #!/bin/sh -x -rm -f /tmp/ca_signing.csr -rm -f /tmp/ca_ocsp_signing.csr -rm -f /tmp/ca_audit_signing.csr -rm -f /tmp/sslserver.csr -rm -f /tmp/subsystem.csr - -rm -r /tmp/external.crt -rm -r /tmp/cert_chain.p7b -rm -f /tmp/ca_signing.crt - -rm -f /tmp/example.crt -rm -f /tmp/example2.crt -rm -f /tmp/example.p7 -rm -f /tmp/example2.p7 -rm -f /tmp/example.p7b -rm -f /tmp/example2.p7b -rm -f /tmp/example3.csr -rm -f /tmp/example3.crt - -pkispawn -vv -f ca-external-step1.cfg -s CA - -/bin/cp -f /tmp/ca_signing.csr . -/bin/cp -f /tmp/ca_ocsp_signing.csr . -/bin/cp -f /tmp/ca_audit_signing.csr . -/bin/cp -f /tmp/sslserver.csr . -/bin/cp -f /tmp/subsystem.csr . +mkdir -p tmp + +rm -f tmp/ca_signing.csr +rm -f tmp/ca_ocsp_signing.csr +rm -f tmp/ca_audit_signing.csr +rm -f tmp/sslserver.csr +rm -f tmp/subsystem.csr + +rm -r tmp/external.crt +rm -r tmp/cert_chain.p7b +rm -f tmp/ca_signing.crt + +rm -f tmp/example.crt +rm -f tmp/example2.crt +rm -f tmp/example.p7 +rm -f tmp/example2.p7 +rm -f tmp/example.p7b +rm -f tmp/example2.p7b +rm -f tmp/example3.csr +rm -f tmp/example3.crt + +cat > tmp/ca-external-step1.cfg << EOF +#[DEFAULT] +#pki_instance_name=pki-child +#pki_pin=Secret.123 + +[CA] +pki_admin_email=caadmin@example.com +pki_admin_name=caadmin +pki_admin_nickname=caadmin +pki_admin_password=Secret.123 +pki_admin_uid=caadmin + +pki_backup_keys=True +pki_backup_password=Secret.123 + +pki_client_database_password=Secret.123 +pki_client_database_purge=False +pki_client_pkcs12_password=Secret.123 + +pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com +pki_ds_database=ca +pki_ds_password=Secret.123 + +pki_security_domain_name=EXAMPLE + +pki_token_password=Secret.123 + +pki_external=True +pki_external_step_two=False +pki_external_csr_path=$PWD/tmp/ca_signing.csr + +#pki_ca_signing_csr_path=$PWD/tmp/ca_signing.csr +pki_ocsp_signing_csr_path=$PWD/tmp/ca_ocsp_signing.csr +pki_audit_signing_csr_path=$PWD/tmp/ca_audit_signing.csr +pki_ssl_server_csr_path=$PWD/tmp/sslserver.csr +pki_subsystem_csr_path=$PWD/tmp/subsystem.csr + +#pki_security_domain_name=CHILD +#pki_ca_signing_csr_path=$PWD/tmp/example2.csr +#pki_ca_signing_subject_dn=CN=Child Cert,O=CHILD + +#pki_security_domain_name=GRANDCHILD +#pki_ca_signing_csr_path=$PWD/tmp/example3.csr +#pki_ca_signing_subject_dn=CN=Grandchild Cert,O=GRANDCHILD + +#pki_req_ext_add=True + +pki_ca_signing_nickname=ca_signing +pki_ocsp_signing_nickname=ca_ocsp_signing +pki_audit_signing_nickname=ca_audit_signing +pki_ssl_server_nickname=sslserver +pki_subsystem_nickname=subsystem +EOF + +pkispawn -vv -f tmp/ca-external-step1.cfg -s CA |