1 files changed, 53 insertions, 0 deletions

diff --git a/scripts/ds-nss-create.sh b/scripts/ds-nss-create.sh
new file mode 100755
index 0000000..81232da
--- /dev/null
+++ b/scripts/ds-nss-create.sh
@@ -0,0 +1,53 @@
+#!/bin/sh -x
+
+INSTANCE=pki-tomcat
+PASSWORD=Secret123
+NSSDB_DIR=/etc/dirsrv/slapd-$INSTANCE
+
+echo $PASSWORD > $NSSDB_DIR/password.txt
+chown nobody.nobody $NSSDB_DIR/password.txt
+chmod 400 $NSSDB_DIR/password.txt
+
+echo "Internal (Software) Token:$PASSWORD" > $NSSDB_DIR/pin.txt
+chown nobody.nobody $NSSDB_DIR/pin.txt
+chmod 400 $NSSDB_DIR/pin.txt
+
+certutil -W -d $NSSDB_DIR -f $NSSDB_DIR/password.txt
+
+echo -e "y\n\ny\n" | \
+ certutil -S -x \
+ -d $NSSDB_DIR \
+ -f $NSSDB_DIR/password.txt \
+ -z noise.bin \
+ -n "DS CA Signing Certificate" \
+ -s "CN=DS CA Signing Certificate" \
+ -t "CTu,Cu,Cu" \
+ -m $RANDOM\
+ -2 \
+ --keyUsage certSigning \
+ --nsCertType sslCA,smimeCA,objectSigningCA
+
+certutil -L -d $NSSDB_DIR -n "DS CA Signing Certificate" -a > ca.crt
+
+echo -e "0\n1\n5\n6\n9\ny\ny\n\ny\n" | \
+ certutil -C -a \
+ -d $NSSDB_DIR \
+ -f $NSSDB_DIR/password.txt \
+ -m $RANDOM \
+ -i ds.csr \
+ -o ds.crt \
+ -c "DS CA Signing Certificate" \
+ -1 -2
+
+#echo -e "0\n1\n2\n3\n9\ny\n" | \
+# certutil -S -x \
+# -d $NSSDB_DIR \
+# -f $NSSDB_DIR/password.txt \
+# -z noise.bin \
+# -n "$HOSTNAME" \
+# -s "CN=$HOSTNAME" \
+# -t "CT,C,C" \
+# -m $RANDOM\
+# -1
+
+certutil -L -d $NSSDB_DIR -n "$HOSTNAME" -a > $HOSTNAME.crt