diff options
Diffstat (limited to 'scripts/ds-nss-create.sh')
-rwxr-xr-x | scripts/ds-nss-create.sh | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/scripts/ds-nss-create.sh b/scripts/ds-nss-create.sh new file mode 100755 index 0000000..81232da --- /dev/null +++ b/scripts/ds-nss-create.sh @@ -0,0 +1,53 @@ +#!/bin/sh -x + +INSTANCE=pki-tomcat +PASSWORD=Secret123 +NSSDB_DIR=/etc/dirsrv/slapd-$INSTANCE + +echo $PASSWORD > $NSSDB_DIR/password.txt +chown nobody.nobody $NSSDB_DIR/password.txt +chmod 400 $NSSDB_DIR/password.txt + +echo "Internal (Software) Token:$PASSWORD" > $NSSDB_DIR/pin.txt +chown nobody.nobody $NSSDB_DIR/pin.txt +chmod 400 $NSSDB_DIR/pin.txt + +certutil -W -d $NSSDB_DIR -f $NSSDB_DIR/password.txt + +echo -e "y\n\ny\n" | \ + certutil -S -x \ + -d $NSSDB_DIR \ + -f $NSSDB_DIR/password.txt \ + -z noise.bin \ + -n "DS CA Signing Certificate" \ + -s "CN=DS CA Signing Certificate" \ + -t "CTu,Cu,Cu" \ + -m $RANDOM\ + -2 \ + --keyUsage certSigning \ + --nsCertType sslCA,smimeCA,objectSigningCA + +certutil -L -d $NSSDB_DIR -n "DS CA Signing Certificate" -a > ca.crt + +echo -e "0\n1\n5\n6\n9\ny\ny\n\ny\n" | \ + certutil -C -a \ + -d $NSSDB_DIR \ + -f $NSSDB_DIR/password.txt \ + -m $RANDOM \ + -i ds.csr \ + -o ds.crt \ + -c "DS CA Signing Certificate" \ + -1 -2 + +#echo -e "0\n1\n2\n3\n9\ny\n" | \ +# certutil -S -x \ +# -d $NSSDB_DIR \ +# -f $NSSDB_DIR/password.txt \ +# -z noise.bin \ +# -n "$HOSTNAME" \ +# -s "CN=$HOSTNAME" \ +# -t "CT,C,C" \ +# -m $RANDOM\ +# -1 + +certutil -L -d $NSSDB_DIR -n "$HOSTNAME" -a > $HOSTNAME.crt |