From 73d0412f24934d5aa211693f5864daaef20db31f Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Thu, 14 Sep 2017 16:17:43 +0200 Subject: Updated KRA scripts. --- scripts/kra-clone-create.sh | 2 +- scripts/kra-create.sh | 13 +++++++------ scripts/kra-standalone-step1.sh | 14 +++++++++++--- scripts/kra-standalone-step2.sh | 22 ++++++++++++++-------- 4 files changed, 33 insertions(+), 18 deletions(-) diff --git a/scripts/kra-clone-create.sh b/scripts/kra-clone-create.sh index 1e3ef38..4d89408 100755 --- a/scripts/kra-clone-create.sh +++ b/scripts/kra-clone-create.sh @@ -50,7 +50,7 @@ pki_clone_uri=https://$MASTER:8443 pki_storage_nickname=kra_storage pki_transport_nickname=kra_transport pki_audit_signing_nickname=kra_audit_signing -pki_ssl_server_nickname=sslserver +pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem EOF diff --git a/scripts/kra-create.sh b/scripts/kra-create.sh index 939b7eb..60e0662 100755 --- a/scripts/kra-create.sh +++ b/scripts/kra-create.sh @@ -7,11 +7,12 @@ cat > tmp/kra.cfg << EOF pki_pin=Secret.123 [KRA] -pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert #pki_import_admin_cert=False -#pki_import_admin_pkcs12_file=/root/.dogtag/pki-tomcat/ca_admin_cert.p12 -#pki_import_admin_pkcs12_password=Secret.123 -#pki_import_admin_pkcs12_nickname=caadmin + +#pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert +pki_import_admin_pkcs12_file=/root/.dogtag/pki-tomcat/ca_admin_cert.p12 +pki_import_admin_pkcs12_password=Secret.123 +pki_import_admin_pkcs12_nickname=caadmin pki_admin_email=kraadmin@example.com pki_admin_name=kraadmin 
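Review bot: The newly active `pki_import_admin_pkcs12_password=Secret.123` line in scripts/kra-create.sh puts a live PKCS #12 password, alongside `pki_pin`, into `tmp/kra.cfg`, and nothing visible restricts that file's mode or removes it after use. Add `umask 077` ahead of the `cat > tmp/kra.cfg << EOF` line named in the hunk header, and `rm -f tmp/kra.cfg` after the `pkispawn -f tmp/kra.cfg -s KRA` call in the next hunk of this file. If the script is ever run against a non-test instance, take the value from the environment, e.g. `pki_import_admin_pkcs12_password=${ADMIN_P12_PASSWORD:?}` (variable name is illustrative), which the unquoted heredoc would expand. The heredoc opens above this hunk, so earlier permission handling may be out of view; the config written by kra-standalone-step2.sh carries the same kind of literals (`pki_pin`, `pki_token_password`).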
@@ -50,10 +51,10 @@ pki_security_domain_password=Secret.123 pki_storage_nickname=kra_storage pki_transport_nickname=kra_transport pki_audit_signing_nickname=kra_audit_signing -pki_ssl_server_nickname=sslserver +pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem EOF -pkispawn -vvv -f tmp/kra.cfg -s KRA +pkispawn -f tmp/kra.cfg -s KRA #/bin/cp /var/lib/pki/pki-tomcat/alias/kra_backup_keys.p12 . diff --git a/scripts/kra-standalone-step1.sh b/scripts/kra-standalone-step1.sh index 1c51931..bfb6c83 100755 --- a/scripts/kra-standalone-step1.sh +++ b/scripts/kra-standalone-step1.sh @@ -33,9 +33,10 @@ pki_external_step_two=False pki_storage_nickname=kra_storage pki_transport_nickname=kra_transport pki_audit_signing_nickname=kra_audit_signing -pki_ssl_server_nickname=sslserver +pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem -pki_cert_chain_nickname=ca_signing +#pki_cert_chain_nickname=ca_signing +#pki_cert_chain_nickname=Root CA Signing Certificate - ROOT pki_external_admin_csr_path=$PWD/tmp/kra_admin.csr pki_external_audit_signing_csr_path=$PWD/tmp/kra_audit_signing.csr @@ -43,6 +44,13 @@ pki_external_sslserver_csr_path=$PWD/tmp/sslserver.csr pki_external_storage_csr_path=$PWD/tmp/kra_storage.csr pki_external_subsystem_csr_path=$PWD/tmp/subsystem.csr pki_external_transport_csr_path=$PWD/tmp/kra_transport.csr + +pki_admin_csr_path=$PWD/tmp/kra_admin.csr +pki_audit_signing_csr_path=$PWD/tmp/kra_audit_signing.csr +pki_sslserver_csr_path=$PWD/tmp/sslserver.csr +pki_storage_csr_path=$PWD/tmp/kra_storage.csr +pki_subsystem_csr_path=$PWD/tmp/subsystem.csr +pki_transport_csr_path=$PWD/tmp/kra_transport.csr EOF -pkispawn -v -f tmp/kra-standalone-step1.cfg -s KRA +pkispawn -f tmp/kra-standalone-step1.cfg -s KRA -v diff --git a/scripts/kra-standalone-step2.sh b/scripts/kra-standalone-step2.sh index f20d8b1..2264d5d 100755 --- a/scripts/kra-standalone-step2.sh +++ b/scripts/kra-standalone-step2.sh 
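Review bot: The six added `pki_*_csr_path` lines in scripts/kra-standalone-step1.sh repeat the paths of the `pki_external_*_csr_path` lines directly above them, with no comment saying which set pkispawn reads. A later edit to only one set could leave the CSR that is submitted to the CA at a different path from the one pkispawn wrote. If both names are kept for compatibility across pkispawn versions (an inference, the hunk does not say so), state it in the config, e.g. `# pki_external_*_csr_path: older pkispawn; pki_*_csr_path: current name, keep both in sync`. The same duplication is added for the `*_cert_path` parameters in kra-standalone-step2.sh, and the preceding hunk of this file leaves two commented-out `pki_cert_chain_nickname` values without a reason. The heredoc these lines belong to starts outside the hunk.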
@@ -2,9 +2,6 @@ mkdir -p tmp -# TODO: should not be required -# cp tmp/ca_signing.crt tmp/cert_chain.p7b - cat > tmp/kra-standalone-step2.cfg << EOF [DEFAULT] pki_pin=Secret.123 @@ -33,21 +30,30 @@ pki_token_password=Secret.123 pki_standalone=True pki_external_step_two=True +#pki_cert_chain_nickname=ca_signing +pki_cert_chain_nickname=Root CA Signing Certificate - ROOT +#pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b +pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt + pki_storage_nickname=kra_storage pki_transport_nickname=kra_transport pki_audit_signing_nickname=kra_audit_signing -pki_ssl_server_nickname=sslserver +pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem -pki_cert_chain_nickname=ca_signing -#pki_external_ca_cert_chain_path=$PWD/tmp/cert_chain.p7b -pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt pki_external_admin_cert_path=$PWD/tmp/kra_admin.crt pki_external_storage_cert_path=$PWD/tmp/kra_storage.crt pki_external_transport_cert_path=$PWD/tmp/kra_transport.crt pki_external_audit_signing_cert_path=$PWD/tmp/kra_audit_signing.crt pki_external_sslserver_cert_path=$PWD/tmp/sslserver.crt pki_external_subsystem_cert_path=$PWD/tmp/subsystem.crt + +pki_admin_cert_path=$PWD/tmp/kra_admin.crt +pki_storage_cert_path=$PWD/tmp/kra_storage.crt +pki_transport_cert_path=$PWD/tmp/kra_transport.crt +pki_audit_signing_cert_path=$PWD/tmp/kra_audit_signing.crt +pki_sslserver_cert_path=$PWD/tmp/sslserver.crt +pki_subsystem_cert_path=$PWD/tmp/subsystem.crt EOF -pkispawn -v -f tmp/kra-standalone-step2.cfg -s KRA +pkispawn -f tmp/kra-standalone-step2.cfg -s KRA -v -- cgit
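Review bot: `pki_external_ca_cert_path=$PWD/tmp/ca_signing.crt` in the second hunk of scripts/kra-standalone-step2.sh hands pkispawn a CA certificate from the working directory's `tmp/`, and nothing in the visible lines checks that this file is the root the operator intends. It is presumably the certificate registered under `pki_cert_chain_nickname=Root CA Signing Certificate - ROOT` and the one the KRA's own certificates chain to, so whoever can write to `tmp/` chooses that root. Before the `pkispawn -f tmp/kra-standalone-step2.cfg -s KRA -v` line, print the fingerprint and compare it with a value obtained out of band, e.g. `openssl x509 -in tmp/ca_signing.crt -noout -fingerprint -sha256`. The lines between the top of the script and this hunk are not shown, so an existing check may be out of view.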