From 1adf9a0cac7ff5ddebe30db4c380133ff3718b8a Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 20 Oct 2017 21:16:52 +0200
Subject: Updated CA scripts.
---
scripts/ca-existing-export-pkcs12.sh | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100755 scripts/ca-existing-export-pkcs12.sh
(limited to 'scripts/ca-existing-export-pkcs12.sh')
diff --git a/scripts/ca-existing-export-pkcs12.sh b/scripts/ca-existing-export-pkcs12.sh
new file mode 100755
index 0000000..da2ce2d
--- /dev/null
+++ b/scripts/ca-existing-export-pkcs12.sh
@@ -0,0 +1,33 @@
+#!/bin/sh -x
+
+grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > tmp/internal.txt
+#PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca-certs.p12
+PKCS12Export -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca-certs.p12
+
+pki pkcs12-cert-find --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt
+pki pkcs12-key-find --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/ca_signing.csr
+sed -n "/^ca.signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/ca_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/ca_signing.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/ca_ocsp_signing.csr
+sed -n "/^ca.ocsp_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/ca_ocsp_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/ca_ocsp_signing.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/sslserver.csr
+sed -n "/^ca.sslserver.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/sslserver.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/sslserver.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/subsystem.csr
+sed -n "/^ca.subsystem.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/subsystem.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/subsystem.csr
+
+echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > tmp/ca_audit_signing.csr
+sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> tmp/ca_audit_signing.csr
+echo "-----END NEW CERTIFICATE REQUEST-----" >> tmp/ca_audit_signing.csr
+
+#pki-server ca-clone-prepare --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt
+
+cp ~/.dogtag/pki-tomcat/ca_admin.cert tmp
+cp ~/.dogtag/pki-tomcat/ca_admin_cert.p12 tmp
-- cgit
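Review bot: The NSS database password pulled from password.conf is written to `tmp/internal.txt` under the caller's default umask and is never removed. The exported `tmp/ca-certs.p12` (which, per the `pkcs12-key-find` call, carries keys) and the copied `ca_admin_cert.p12` land in the same relative `tmp/` directory with the same permissions. I would add `umask 077` right after the shebang and `trap 'rm -f tmp/internal.txt' EXIT` before the grep line, so the key material is owner-only and the plaintext password does not outlive the run. There is also no `set -e`, so a failed `PKCS12Export` still falls through to the `pki pkcs12-*` and `cp` steps. Finally, `awk -F= '{print $2}'` truncates a password that contains `=`; `sed -n 's/^internal=//p'` would anchor the key and keep the full value.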