Diffstat (limited to 'scripts/ca-external-step1.sh')
-rwxr-xr-xscripts/ca-external-step1.sh102
1 files changed, 76 insertions, 26 deletions
diff --git a/scripts/ca-external-step1.sh b/scripts/ca-external-step1.sh
index 19eca2b..a9d6df9 100755
--- a/scripts/ca-external-step1.sh
+++ b/scripts/ca-external-step1.sh
@@ -1,28 +1,78 @@
#!/bin/sh -x
-rm -f /tmp/ca_signing.csr
-rm -f /tmp/ca_ocsp_signing.csr
-rm -f /tmp/ca_audit_signing.csr
-rm -f /tmp/sslserver.csr
-rm -f /tmp/subsystem.csr
-
-rm -r /tmp/external.crt
-rm -r /tmp/cert_chain.p7b
-rm -f /tmp/ca_signing.crt
-
-rm -f /tmp/example.crt
-rm -f /tmp/example2.crt
-rm -f /tmp/example.p7
-rm -f /tmp/example2.p7
-rm -f /tmp/example.p7b
-rm -f /tmp/example2.p7b
-rm -f /tmp/example3.csr
-rm -f /tmp/example3.crt
-
-pkispawn -vv -f ca-external-step1.cfg -s CA
-
-/bin/cp -f /tmp/ca_signing.csr .
-/bin/cp -f /tmp/ca_ocsp_signing.csr .
-/bin/cp -f /tmp/ca_audit_signing.csr .
-/bin/cp -f /tmp/sslserver.csr .
-/bin/cp -f /tmp/subsystem.csr .
+mkdir -p tmp
+
+rm -f tmp/ca_signing.csr
+rm -f tmp/ca_ocsp_signing.csr
+rm -f tmp/ca_audit_signing.csr
+rm -f tmp/sslserver.csr
+rm -f tmp/subsystem.csr
+
+rm -r tmp/external.crt
+rm -r tmp/cert_chain.p7b
+rm -f tmp/ca_signing.crt
+
+rm -f tmp/example.crt
+rm -f tmp/example2.crt
+rm -f tmp/example.p7
+rm -f tmp/example2.p7
+rm -f tmp/example.p7b
+rm -f tmp/example2.p7b
+rm -f tmp/example3.csr
+rm -f tmp/example3.crt
+
+cat > tmp/ca-external-step1.cfg << EOF
+#[DEFAULT]
+#pki_instance_name=pki-child
+#pki_pin=Secret.123
+
+[CA]
+pki_admin_email=caadmin@example.com
+pki_admin_name=caadmin
+pki_admin_nickname=caadmin
+pki_admin_password=Secret.123
+pki_admin_uid=caadmin
+
+pki_backup_keys=True
+pki_backup_password=Secret.123
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
+pki_ds_database=ca
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+
+pki_token_password=Secret.123
+
+pki_external=True
+pki_external_step_two=False
+pki_external_csr_path=$PWD/tmp/ca_signing.csr
+
+#pki_ca_signing_csr_path=$PWD/tmp/ca_signing.csr
+pki_ocsp_signing_csr_path=$PWD/tmp/ca_ocsp_signing.csr
+pki_audit_signing_csr_path=$PWD/tmp/ca_audit_signing.csr
+pki_ssl_server_csr_path=$PWD/tmp/sslserver.csr
+pki_subsystem_csr_path=$PWD/tmp/subsystem.csr
+
+#pki_security_domain_name=CHILD
+#pki_ca_signing_csr_path=$PWD/tmp/example2.csr
+#pki_ca_signing_subject_dn=CN=Child Cert,O=CHILD
+
+#pki_security_domain_name=GRANDCHILD
+#pki_ca_signing_csr_path=$PWD/tmp/example3.csr
+#pki_ca_signing_subject_dn=CN=Grandchild Cert,O=GRANDCHILD
+
+#pki_req_ext_add=True
+
+pki_ca_signing_nickname=ca_signing
+pki_ocsp_signing_nickname=ca_ocsp_signing
+pki_audit_signing_nickname=ca_audit_signing
+pki_ssl_server_nickname=sslserver
+pki_subsystem_nickname=subsystem
+EOF
+
+pkispawn -vv -f tmp/ca-external-step1.cfg -s CA
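Review bot: The here-document at `cat > tmp/ca-external-step1.cfg << EOF` writes the admin, backup, PKCS #12, directory-server and token passwords into a file created under the caller's default umask, so with a common 022 umask the config is readable by every local user. Putting `umask 077` before `mkdir -p tmp`, or `chmod 600 tmp/ca-external-step1.cfg` right after the here-document, would keep it private. The delimiter is unquoted so that `$PWD` expands, which also means a `$` or backtick in any real password substituted for `Secret.123` would be expanded by the shell. Separately, `rm -r tmp/external.crt` and `rm -r tmp/cert_chain.p7b` look like carried-over typos for `rm -f`, since without `-f` they print an error on a fresh checkout where the files do not exist yet. The hunk header counts one more context line than is shown, so the script may continue past the `pkispawn` call.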