From 0427fa61a3003dab7c1786c9071cf0105950f364 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Tue, 11 Sep 2012 12:50:31 -0500 Subject: Cleaned up and reorganized the scripts. --- scripts/ca-certs.sh | 4 +- scripts/ca-create.sh | 2 +- scripts/ca-master.cfg | 232 ---------------------------------------- scripts/ca-remove.sh | 2 +- scripts/ca-run.sh | 4 +- scripts/ca-test.sh | 2 +- scripts/ca.cfg | 228 +++++++++++++++++++++++++++++++++++++++ scripts/cert-request-approve.sh | 4 +- scripts/cert-request-review.sh | 4 +- scripts/core-uninstall.sh | 6 ++ scripts/drm-java-test.sh | 23 ---- scripts/drm-python-test.sh | 30 ------ scripts/firefox-certs-import.sh | 3 +- scripts/firefox-certs-remove.sh | 3 +- scripts/kra-certs.sh | 4 +- scripts/kra-create.sh | 2 +- scripts/kra-java-test.sh | 23 ++++ scripts/kra-master.cfg | 232 ---------------------------------------- scripts/kra-python-test.sh | 30 ++++++ scripts/kra-remove.sh | 2 +- scripts/kra-run.sh | 4 +- scripts/kra.cfg | 228 +++++++++++++++++++++++++++++++++++++++ 22 files changed, 538 insertions(+), 534 deletions(-) delete mode 100644 scripts/ca-master.cfg create mode 100644 scripts/ca.cfg delete mode 100755 scripts/drm-java-test.sh delete mode 100755 scripts/drm-python-test.sh create mode 100755 scripts/kra-java-test.sh delete mode 100644 scripts/kra-master.cfg create mode 100755 scripts/kra-python-test.sh create mode 100644 scripts/kra.cfg (limited to 'scripts') diff --git a/scripts/ca-certs.sh b/scripts/ca-certs.sh index 7e5ce68..4633ff2 100755 --- a/scripts/ca-certs.sh +++ b/scripts/ca-certs.sh @@ -1,5 +1,5 @@ #!/bin/sh -x -INSTANCE_DIR=/var/lib/pki/ca-master +INSTANCE_NAME=ca-master -certutil -L -d $INSTANCE_DIR/alias +certutil -L -d /var/lib/pki/$INSTANCE_NAME/alias diff --git a/scripts/ca-create.sh b/scripts/ca-create.sh index 12a7d75..ac9896b 100755 --- a/scripts/ca-create.sh +++ b/scripts/ca-create.sh 
@@ -1,3 +1,3 @@ #!/bin/sh -x -pkispawn -f ca-master.cfg -s CA -v +pkispawn -f ca.cfg -s CA -v 2>&1 | tee build/ca-create.log diff --git a/scripts/ca-master.cfg b/scripts/ca-master.cfg deleted file mode 100644 index 7976aa7..0000000 --- a/scripts/ca-master.cfg +++ /dev/null 
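Review bot: The new `pkispawn -f ca.cfg -s CA -v 2>&1 | tee build/ca-create.log` line copies verbose deployment output into a file, while ca.cfg's own banner says sensitive values must never reach the console or a log; it is worth confirming that `-v` never echoes `[Sensitive]` values before keeping this log, and restricting the file's permissions if it stays. The pipe also makes the script exit with tee's status, so a failed pkispawn is reported as success, and nothing here creates `build/`. I would add `mkdir -p build` before the call and check pkispawn's status explicitly, since the `/bin/sh` shebang cannot rely on `pipefail`. kra-create.sh gets the same change for kra.cfg.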
@@ -1,232 +0,0 @@
-###############################################################################
-## 'Sensitive' Data: ##
-## ##
-## Values in this section pertain to various PKI subsystems, and contain ##
-## required 'sensitive' information which MUST ALWAYS be provided by users. ##
-## ##
-## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
-## console NOR stored in log files!!! ##
-###############################################################################
-[Sensitive]
-pki_admin_password=Secret123
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_pkcs12_password=Secret123
-pki_clone_pkcs12_password=Secret123
-pki_ds_password=Secret123
-pki_security_domain_password=Secret123
-pki_token_password=Secret123
-###############################################################################
-## 'Common' Data: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
-pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
-pki_admin_dualkey=False
-pki_admin_email=caadmin@example.com
-pki_admin_keysize=2048
-pki_admin_name=caadmin
-pki_admin_nickname=caadmin
-pki_admin_subject_dn=
-pki_admin_uid=caadmin
-pki_audit_group=pkiaudit
-pki_audit_signing_key_algorithm=SHA256withRSA
-pki_audit_signing_key_size=2048
-pki_audit_signing_key_type=rsa
-pki_audit_signing_nickname=
-pki_audit_signing_signing_algorithm=SHA256withRSA
-pki_audit_signing_subject_dn=
-pki_audit_signing_token=
-pki_backup_keys=False
-pki_client_database_dir=/var/lib/pki/ca-master/ca/certs
-pki_client_database_purge=False
-pki_client_dir=
-pki_ds_base_dn=dc=ca,dc=example,dc=com
-pki_ds_bind_dn=cn=Directory Manager
-pki_ds_database=
-pki_ds_hostname=
-pki_ds_ldap_port=389
-pki_ds_ldaps_port=636
-pki_ds_remove_data=True
-pki_ds_secure_connection=False
-pki_group=pkiuser
-pki_issuing_ca=
-pki_restart_configured_instance=True
-pki_security_domain_hostname=
-pki_security_domain_https_port=8443
-pki_security_domain_name=EXAMPLE
-pki_security_domain_user=caadmin
-pki_ssl_server_key_algorithm=SHA256withRSA
-pki_ssl_server_key_size=2048
-pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=
-pki_ssl_server_subject_dn=
-pki_ssl_server_token=
-pki_subsystem_key_algorithm=SHA256withRSA
-pki_subsystem_key_size=2048
-pki_subsystem_key_type=rsa
-pki_subsystem_nickname=
-pki_subsystem_subject_dn=
-pki_subsystem_token=
-pki_token_name=internal
-pki_user=pkiuser
-###############################################################################
-## 'Apache' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
-###############################################################################
-## 'Tomcat' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
-## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
-## or a 'TKS Clone', change the value of 'pki_clone' ##
-## from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[Tomcat]
-pki_ajp_port=8009
-pki_clone=False
-pki_clone_pkcs12_path=
-pki_clone_replication_security=None
-pki_clone_uri=
-pki_enable_java_debugger=False
-pki_enable_proxy=False
-pki_http_port=8080
-pki_https_port=8443
-pki_instance_name=ca-master
-pki_proxy_http_port=80
-pki_proxy_https_port=443
-pki_security_manager=false
-pki_tomcat_server_port=8005
-###############################################################################
-## 'CA' Data: ##
-## ##
-## Values in this section are common to CA subsystems including 'PKI CAs', ##
-## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## EXTERNAL CAs: To specify an 'External CA', change the value ##
-## of 'pki_external' from 'False' to 'True'. ##
-## ##
-## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
-## of 'pki_subordinate' from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[CA]
-pki_ca_signing_key_algorithm=SHA256withRSA
-pki_ca_signing_key_size=2048
-pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=
-pki_ca_signing_signing_algorithm=SHA256withRSA
-pki_ca_signing_subject_dn=
-pki_ca_signing_token=
-pki_external=False
-pki_external_ca_cert_chain_path=
-pki_external_ca_cert_path=
-pki_external_csr_path=
-pki_external_step_two=False
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
-pki_war_file=ca.war
-###############################################################################
-## 'KRA' Data: ##
-## ##
-## Values in this section are common to KRA subsystems ##
-## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[KRA]
-pki_storage_key_algorithm=SHA256withRSA
-pki_storage_key_size=2048
-pki_storage_key_type=rsa
-pki_storage_nickname=
-pki_storage_signing_algorithm=SHA256withRSA
-pki_storage_subject_dn=
-pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
-pki_transport_key_algorithm=SHA256withRSA
-pki_transport_key_size=2048
-pki_transport_key_type=rsa
-pki_transport_nickname=
-pki_transport_signing_algorithm=SHA256withRSA
-pki_transport_subject_dn=
-pki_transport_token=
-pki_war_file=kra.war
-###############################################################################
-## 'OCSP' Data: ##
-## ##
-## Values in this section are common to OCSP subsystems ##
-## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[OCSP]
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
-pki_war_file=ocsp.war
-###############################################################################
-## 'RA' Data: ##
-## ##
-## Values in this section are common to PKI RA subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[RA]
-pki_subsystem=RA
-pki_subsystem_name=
-###############################################################################
-## 'TKS' Data: ##
-## ##
-## Values in this section are common to TKS subsystems ##
-## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TKS]
-pki_subsystem=TKS
-pki_subsystem_name=
-pki_war_file=tks.war
-###############################################################################
-## 'TPS' Data: ##
-## ##
-## Values in this section are common to PKI TPS subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=
diff --git a/scripts/ca-remove.sh b/scripts/ca-remove.sh
index d29e313..1177995 100755
--- a/scripts/ca-remove.sh
+++ b/scripts/ca-remove.sh
@@ -3,4 +3,4 @@ SRC_DIR=`cd ../.. ; pwd` INSTANCE_NAME=ca-master -pkidestroy -s CA -i $INSTANCE_NAME +pkidestroy -v -s CA -i $INSTANCE_NAME
diff --git a/scripts/ca-run.sh b/scripts/ca-run.sh
index 75603b1..6da71c2 100755
--- a/scripts/ca-run.sh +++ b/scripts/ca-run.sh @@ -1,3 +1,5 @@ #!/bin/sh -x -java -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n -classpath :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/ca-master -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/ca-master/temp -Djava.util.logging.config.file=/var/lib/pki/ca-master/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start +INSTANCE_NAME=ca-master + +java -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n -classpath :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/$INSTANCE_NAME -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/$INSTANCE_NAME/temp -Djava.util.logging.config.file=/var/lib/pki/$INSTANCE_NAME/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start diff --git a/scripts/ca-test.sh b/scripts/ca-test.sh index 3ce6da9..7acb08f 100755 --- a/scripts/ca-test.sh +++ b/scripts/ca-test.sh @@ -3,7 +3,7 @@ SRC_DIR=`cd ../.. ; pwd` INSTANCE_NAME=ca-master -CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/certs +CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/ca/certs SERVER_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/alias CERT_NAME="caSigningCert cert-${INSTANCE_NAME}" diff --git a/scripts/ca.cfg b/scripts/ca.cfg new file mode 100644 index 0000000..04bcfc5 --- /dev/null +++ b/scripts/ca.cfg 
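Review bot: The rewritten `java` line in ca-run.sh keeps `-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n`, which opens a debugger socket on the JVM that runs the CA; on JDKs that treat a bare port as all interfaces (the behaviour before JDK 9), anything that can reach port 8000 gets debugger control of that process. Binding it to loopback with `address=127.0.0.1:8000` keeps the debugging workflow while limiting exposure, and a comment stating that the script is for development hosts only would help. The `$INSTANCE_NAME` expansions are unquoted, which is harmless with the fixed value `ca-master` but cheap to fix.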
@@ -0,0 +1,228 @@
+###############################################################################
+## 'Sensitive' Data: ##
+## ##
+## Values in this section pertain to various PKI subsystems, and contain ##
+## required 'sensitive' information which MUST ALWAYS be provided by users. ##
+## ##
+## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
+## console NOR stored in log files!!! ##
+###############################################################################
+[Sensitive]
+pki_admin_password=Secret123
+pki_backup_password=Secret123
+pki_client_database_password=Secret123
+pki_client_pkcs12_password=Secret123
+pki_clone_pkcs12_password=Secret123
+pki_ds_password=Secret123
+pki_security_domain_password=Secret123
+pki_token_password=Secret123
+###############################################################################
+## 'Common' Data: ##
+## ##
+## Values in this section are common to more than one PKI subsystem, and ##
+## contain required information which MAY be overridden by users as ##
+## necessary. ##
+## ##
+## NOTE: Default values will be generated for any and all required ##
+## 'common' data values which are left undefined. ##
+###############################################################################
+[Common]
+pki_admin_cert_request_type=crmf
+pki_admin_domain_name=
+pki_admin_dualkey=False
+pki_admin_email=caadmin@example.com
+pki_admin_keysize=2048
+pki_admin_name=caadmin
+pki_admin_nickname=caadmin
+pki_admin_subject_dn=
+pki_admin_uid=caadmin
+pki_audit_group=pkiaudit
+pki_audit_signing_key_algorithm=SHA256withRSA
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_type=rsa
+pki_audit_signing_nickname=
+pki_audit_signing_signing_algorithm=SHA256withRSA
+pki_audit_signing_subject_dn=
+pki_audit_signing_token=
+pki_backup_keys=False
+pki_client_database_dir=/var/lib/pki/ca-master/ca/certs
+pki_client_database_purge=False
+pki_client_dir=
+pki_ds_base_dn=dc=ca,dc=example,dc=com
+pki_ds_bind_dn=cn=Directory Manager
+pki_ds_database=ca
+pki_ds_hostname=
+pki_ds_ldap_port=389
+pki_ds_ldaps_port=636
+pki_ds_remove_data=True
+pki_ds_secure_connection=False
+pki_group=pkiuser
+pki_issuing_ca=
+pki_restart_configured_instance=True
+pki_security_domain_hostname=
+pki_security_domain_https_port=8443
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_ssl_server_key_algorithm=SHA256withRSA
+pki_ssl_server_key_size=2048
+pki_ssl_server_key_type=rsa
+pki_ssl_server_nickname=
+pki_ssl_server_subject_dn=
+pki_ssl_server_token=
+pki_subsystem_key_algorithm=SHA256withRSA
+pki_subsystem_key_size=2048
+pki_subsystem_key_type=rsa
+pki_subsystem_nickname=
+pki_subsystem_subject_dn=
+pki_subsystem_token=
+pki_token_name=internal
+pki_user=pkiuser
+###############################################################################
+## 'Apache' Data: ##
+## ##
+## Values in this section are common to PKI subsystems that run ##
+## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[Apache]
+pki_instance_name=pki-apache
+pki_http_port=80
+pki_https_port=443
+###############################################################################
+## 'Tomcat' Data: ##
+## ##
+## Values in this section are common to PKI subsystems that run ##
+## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
+## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
+## required information which MAY be overridden by users as necessary. ##
+## ##
+## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
+## or a 'TKS Clone', change the value of 'pki_clone' ##
+## from 'False' to 'True'. ##
+## ##
+## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
+## are MUTUALLY EXCLUSIVE entities!!! ##
+###############################################################################
+[Tomcat]
+pki_ajp_port=8009
+pki_clone=False
+pki_clone_pkcs12_path=
+pki_clone_replication_security=None
+pki_clone_uri=
+pki_enable_java_debugger=False
+pki_enable_proxy=False
+pki_http_port=8080
+pki_https_port=8443
+pki_instance_name=ca-master
+pki_proxy_http_port=80
+pki_proxy_https_port=443
+pki_security_manager=false
+pki_tomcat_server_port=8005
+###############################################################################
+## 'CA' Data: ##
+## ##
+## Values in this section are common to CA subsystems including 'PKI CAs', ##
+## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+## ##
+## EXTERNAL CAs: To specify an 'External CA', change the value ##
+## of 'pki_external' from 'False' to 'True'. ##
+## ##
+## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
+## of 'pki_subordinate' from 'False' to 'True'. ##
+## ##
+## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
+## are MUTUALLY EXCLUSIVE entities!!! ##
+###############################################################################
+[CA]
+pki_ca_signing_key_algorithm=SHA256withRSA
+pki_ca_signing_key_size=2048
+pki_ca_signing_key_type=rsa
+pki_ca_signing_nickname=
+pki_ca_signing_signing_algorithm=SHA256withRSA
+pki_ca_signing_subject_dn=
+pki_ca_signing_token=
+pki_external=False
+pki_external_ca_cert_chain_path=
+pki_external_ca_cert_path=
+pki_external_csr_path=
+pki_external_step_two=False
+pki_ocsp_signing_key_algorithm=SHA256withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_nickname=
+pki_ocsp_signing_signing_algorithm=SHA256withRSA
+pki_ocsp_signing_subject_dn=
+pki_ocsp_signing_token=
+pki_subordinate=False
+pki_subsystem=CA
+pki_subsystem_name=
+###############################################################################
+## 'KRA' Data: ##
+## ##
+## Values in this section are common to KRA subsystems ##
+## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[KRA]
+pki_storage_key_algorithm=SHA256withRSA
+pki_storage_key_size=2048
+pki_storage_key_type=rsa
+pki_storage_nickname=
+pki_storage_signing_algorithm=SHA256withRSA
+pki_storage_subject_dn=
+pki_storage_token=
+pki_subsystem=KRA
+pki_subsystem_name=
+pki_transport_key_algorithm=SHA256withRSA
+pki_transport_key_size=2048
+pki_transport_key_type=rsa
+pki_transport_nickname=
+pki_transport_signing_algorithm=SHA256withRSA
+pki_transport_subject_dn=
+pki_transport_token=
+###############################################################################
+## 'OCSP' Data: ##
+## ##
+## Values in this section are common to OCSP subsystems ##
+## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[OCSP]
+pki_ocsp_signing_key_algorithm=SHA256withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_nickname=
+pki_ocsp_signing_signing_algorithm=SHA256withRSA
+pki_ocsp_signing_subject_dn=
+pki_ocsp_signing_token=
+pki_subsystem=OCSP
+pki_subsystem_name=
+###############################################################################
+## 'RA' Data: ##
+## ##
+## Values in this section are common to PKI RA subsystems, and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[RA]
+pki_subsystem=RA
+pki_subsystem_name=
+###############################################################################
+## 'TKS' Data: ##
+## ##
+## Values in this section are common to TKS subsystems ##
+## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[TKS]
+pki_subsystem=TKS
+pki_subsystem_name=
+###############################################################################
+## 'TPS' Data: ##
+## ##
+## Values in this section are common to PKI TPS subsystems, and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[TPS]
+pki_subsystem=TPS
+pki_subsystem_name=
diff --git a/scripts/cert-request-approve.sh b/scripts/cert-request-approve.sh
index ea73e69..162c2ee 100755
--- a/scripts/cert-request-approve.sh
+++ b/scripts/cert-request-approve.sh
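Review bot: All eight `[Sensitive]` values in the new ca.cfg are the same literal `Secret123`, committed directly under a banner saying sensitive values must be provided by users and never logged, and nothing in the file marks it as a throwaway development configuration. I would add a header comment such as `## DEVELOPMENT/TEST ONLY: placeholder passwords, never deploy with these values ##` at the top of the section. `pki_ds_secure_connection=False` together with `pki_ds_ldap_port=389` also suggests the directory bind password travels over plain LDAP, which is acceptable only on a local test host and deserves the same kind of comment. kra.cfg, created by this commit but outside this view, presumably needs the same note.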
@@ -8,7 +8,7 @@ fi SRC_DIR=`cd ../.. ; pwd` INSTANCE_NAME=ca-master -CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/certs +CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/ca/certs # Approve request as an agent -pki -v -U https://localhost:8443/ca -d $CLIENT_CERT_DIR -w Secret123 -n caadmin cert-request-approve "$INPUT" +pki -v -d $CLIENT_CERT_DIR -w Secret123 -n caadmin cert-request-approve "$INPUT" diff --git a/scripts/cert-request-review.sh b/scripts/cert-request-review.sh index 60fb438..ba9bc34 100755 --- a/scripts/cert-request-review.sh +++ b/scripts/cert-request-review.sh @@ -9,7 +9,7 @@ fi SRC_DIR=`cd ../.. ; pwd` INSTANCE_NAME=ca-master -CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/certs +CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/ca/certs # Review request as an agent -pki -v -U https://localhost:8443/ca -d $CLIENT_CERT_DIR -w Secret123 -n caadmin cert-request-review "$REQUEST_ID" --output "$OUTPUT" +pki -v -d $CLIENT_CERT_DIR -w Secret123 -n caadmin cert-request-review "$REQUEST_ID" --output "$OUTPUT" diff --git a/scripts/core-uninstall.sh b/scripts/core-uninstall.sh index f4b4de0..f5ad86a 100755 --- a/scripts/core-uninstall.sh +++ b/scripts/core-uninstall.sh @@ -4,15 +4,21 @@ yum erase -y\ pki-symkey\ pki-base\ pki-tools\ + pki-util\ pki-util-javadoc\ + pki-common\ pki-common-javadoc\ + pki-native-tools\ + pki-java-tools\ pki-java-tools-javadoc\ pki-silent\ pki-selinux\ + pki-deploy\ pki-server\ pki-setup\ pki-ca\ pki-kra\ pki-ocsp\ pki-tks\ + pki-javadoc\ pki-core-debuginfo diff --git a/scripts/drm-java-test.sh b/scripts/drm-java-test.sh deleted file mode 100755 index 37244c2..0000000 --- a/scripts/drm-java-test.sh +++ /dev/null 
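Review bot: The rewritten `pki` line in cert-request-approve.sh still carries the client database password as `-w Secret123` in argv, where other local users can read it from the process list and where a `-x` trace would print it. Prefer reading it from a file readable only by the invoking user, or from a prompt, if the CLI offers one, and quote the directory as `-d "$CLIENT_CERT_DIR"`. With `-U https://localhost:8443/ca` removed the command depends on the CLI's default server URL, so a comment naming the assumed default would help the next reader. The same applies to cert-request-review.sh in the next hunk and to the `java ... -w Secret123` line in kra-java-test.sh, whose `#!/bin/sh -x` shebang does trace it.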
@@ -1,23 +0,0 @@ -#!/bin/sh -x - -SRC_DIR=`cd ../.. ; pwd` - -INSTANCE_NAME=kra-master -CLIENT_CERT_DIR=$SRC_DIR/certs/$INSTANCE_NAME - -CLASSPATH=$SRC_DIR/pki/build/classes -CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-cli.jar -CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-logging.jar -CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-lang.jar -CLASSPATH=$CLASSPATH:/usr/share/java/commons-codec.jar -CLASSPATH=$CLASSPATH:/usr/share/java/jakarta-commons-httpclient.jar -CLASSPATH=$CLASSPATH:/usr/lib64/java/jss4.jar -CLASSPATH=$CLASSPATH:/usr/share/java/httpcomponents/httpclient.jar -CLASSPATH=$CLASSPATH:/usr/share/java/httpcomponents/httpcore.jar -CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/jaxrs-api.jar -CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-atom-provider.jar -CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxrs.jar -CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxb-provider.jar -CLASSPATH=$CLASSPATH:/usr/share/java/servlet.jar - -java -classpath $CLASSPATH com.netscape.cms.servlet.test.DRMTest -h localhost -p 12443 -s true -d $CLIENT_CERT_DIR -w Secret123 -c kraadmin diff --git a/scripts/drm-python-test.sh b/scripts/drm-python-test.sh deleted file mode 100755 index 873d5d9..0000000 --- a/scripts/drm-python-test.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/sh -x - -SRC_DIR=`cd ../.. ; pwd` - -INSTANCE_NAME=kra-master -CLIENT_CERT_DIR=$SRC_DIR/certs/$INSTANCE_NAME -SERVER_CERT_DIR=/var/lib/pki/$INSTANCE_NAME -CERT_NAME="transportCert cert-$INSTANCE_NAME" - -CLASSPATH=$SRC_DIR/pki/build/classes -CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-cli.jar -CLASSPATH=$CLASSPATH:/usr/lib64/java/jss4.jar -CLASSPATH=$CLASSPATH:/usr/share/java/commons-codec.jar - -#echo Secret123 > $CLIENT_CERT_DIR/password.txt -#certutil -N -d $CLIENT_CERT_DIR -f $CLIENT_CERT_DIR/password.txt - -# export transport certificate -certutil -L -d $SERVER_CERT_DIR/alias -n "$CERT_NAME" -a > $CLIENT_CERT_DIR/transport.pem -AtoB $CLIENT_CERT_DIR/transport.pem $CLIENT_CERT_DIR/transport.crt - -# import transport certificate -certutil -A -d $CLIENT_CERT_DIR -n "$CERT_NAME" -i $CLIENT_CERT_DIR/transport.pem -t u,u,u - -# generate options -java -classpath $CLASSPATH com.netscape.cms.servlet.test.GeneratePKIArchiveOptions -d $CLIENT_CERT_DIR -k $CLIENT_CERT_DIR/symkey.out -o $CLIENT_CERT_DIR/options.out -t $CLIENT_CERT_DIR/transport.crt -w Secret123 - -# run KRA test -cd $SRC_DIR/pki/base/kra/functional -python drmclient.py -d $CLIENT_CERT_DIR --options=options.out --symkey=symkey.out -p 12080 -n "$CERT_NAME" diff --git a/scripts/firefox-certs-import.sh b/scripts/firefox-certs-import.sh index 0ea1984..59119cb 100755 --- a/scripts/firefox-certs-import.sh +++ b/scripts/firefox-certs-import.sh @@ -11,7 +11,6 @@ fi echo HOME=$home SRC_DIR=`cd ../.. ; pwd` -CERTS=$SRC_DIR/certs FIREFOX_DIR=$home/.mozilla/firefox PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` 
@@ -19,6 +18,8 @@ PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` CA_INSTANCE_NAME=ca-master KRA_INSTANCE_NAME=kra-master +CERTS=/var/lib/pki/$CA_INSTANCE_NAME/ca/certs + ################################################################################ # Importing CA certificate ################################################################################ diff --git a/scripts/firefox-certs-remove.sh b/scripts/firefox-certs-remove.sh index 71a6630..553f32f 100755 --- a/scripts/firefox-certs-remove.sh +++ b/scripts/firefox-certs-remove.sh @@ -8,6 +8,7 @@ else home=/home/$user fi +CA_INSTANCE_NAME=ca-master FIREFOX_DIR=$home/.mozilla/firefox PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` @@ -16,7 +17,7 @@ cd $FIREFOX_DIR/$PROFILE certutil -D -n "admin" -d . certutil -D -n "caadmin" -d . certutil -D -n "kraadmin" -d . -certutil -D -n "caSigningCert cert-ca-master" -d . +certutil -D -n "caSigningCert cert-$CA_INSTANCE_NAME" -d . certutil -D -n "$HOSTNAME" -d . certutil -D -n "$HOSTNAME #2" -d . certutil -D -n "$HOSTNAME #3" -d . diff --git a/scripts/kra-certs.sh b/scripts/kra-certs.sh index e443b22..91fa3a2 100755 --- a/scripts/kra-certs.sh +++ b/scripts/kra-certs.sh @@ -1,5 +1,5 @@ #!/bin/sh -x -INSTANCE_DIR=/var/lib/pki/kra-master +INSTANCE_NAME=kra-master -certutil -L -d $INSTANCE_DIR/alias +certutil -L -d /var/lib/pki/$INSTANCE_NAME/alias diff --git a/scripts/kra-create.sh b/scripts/kra-create.sh index 7bd0686..e84ac01 100755 --- a/scripts/kra-create.sh +++ b/scripts/kra-create.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -pkispawn -f kra-master.cfg -s KRA -v +pkispawn -f kra.cfg -s KRA -v 2>&1 | tee build/kra-create.log diff --git a/scripts/kra-java-test.sh b/scripts/kra-java-test.sh new file mode 100755 index 0000000..148046f --- /dev/null +++ b/scripts/kra-java-test.sh 
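Review bot: `cd $FIREFOX_DIR/$PROFILE`, visible at the top of the second firefox-certs-remove.sh hunk, is unquoted and unchecked, so when profiles.ini lists several `Path=` entries or none, the `certutil -D ... -d .` deletions may run against a directory other than the intended profile. `cd "$FIREFOX_DIR/$PROFILE" || exit 1` closes that gap; the new `"caSigningCert cert-$CA_INSTANCE_NAME"` nickname itself reads fine. The script starts before and continues after the lines shown in these hunks.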
@@ -0,0 +1,23 @@ +#!/bin/sh -x + +SRC_DIR=`cd ../.. ; pwd` + +INSTANCE_NAME=kra-master +CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/kra/certs + +CLASSPATH=$SRC_DIR/pki/build/classes +CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-cli.jar +CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-logging.jar +CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-lang.jar +CLASSPATH=$CLASSPATH:/usr/share/java/commons-codec.jar +CLASSPATH=$CLASSPATH:/usr/share/java/jakarta-commons-httpclient.jar +CLASSPATH=$CLASSPATH:/usr/lib64/java/jss4.jar +CLASSPATH=$CLASSPATH:/usr/share/java/httpcomponents/httpclient.jar +CLASSPATH=$CLASSPATH:/usr/share/java/httpcomponents/httpcore.jar +CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/jaxrs-api.jar +CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-atom-provider.jar +CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxrs.jar +CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxb-provider.jar +CLASSPATH=$CLASSPATH:/usr/share/java/servlet.jar + +java -classpath $CLASSPATH com.netscape.cms.servlet.test.DRMTest -h localhost -p 12443 -s true -d $CLIENT_CERT_DIR -w Secret123 -c kraadmin diff --git a/scripts/kra-master.cfg b/scripts/kra-master.cfg deleted file mode 100644 index 6d41da9..0000000 --- a/scripts/kra-master.cfg +++ /dev/null 
@@ -1,232 +0,0 @@ -############################################################################### -## 'Sensitive' Data: ## -## ## -## Values in this section pertain to various PKI subsystems, and contain ## -## required 'sensitive' information which MUST ALWAYS be provided by users. ## -## ## -## IMPORTANT: Sensitive data values must NEVER be displayed to the ## -## console NOR stored in log files!!! ## -############################################################################### -[Sensitive] -pki_admin_password=Secret123 -pki_backup_password=Secret123 -pki_client_database_password=Secret123 -pki_client_pkcs12_password=Secret123 -pki_clone_pkcs12_password=Secret123 -pki_ds_password=Secret123 -pki_security_domain_password=Secret123 -pki_token_password=Secret123 -############################################################################### -## 'Common' Data: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. 
## -############################################################################### -[Common] -pki_admin_cert_request_type=crmf -pki_admin_domain_name= -pki_admin_dualkey=False -pki_admin_email=kraadmin@example.com -pki_admin_keysize=2048 -pki_admin_name=kraadmin -pki_admin_nickname=kraadmin -pki_admin_subject_dn= -pki_admin_uid=kraadmin -pki_audit_group=pkiaudit -pki_audit_signing_key_algorithm=SHA256withRSA -pki_audit_signing_key_size=2048 -pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= -pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= -pki_backup_keys=False -pki_client_database_dir=/var/lib/pki/kra-master/kra/certs -pki_client_database_purge=False -pki_client_dir= -pki_ds_base_dn=dc=kra,dc=example,dc=com -pki_ds_bind_dn=cn=Directory Manager -pki_ds_database= -pki_ds_hostname= -pki_ds_ldap_port=389 -pki_ds_ldaps_port=636 -pki_ds_remove_data=True -pki_ds_secure_connection=False -pki_group=pkiuser -pki_issuing_ca= -pki_restart_configured_instance=True -pki_security_domain_hostname= -pki_security_domain_https_port=8443 -pki_security_domain_name=EXAMPLE -pki_security_domain_user=caadmin -pki_ssl_server_key_algorithm=SHA256withRSA -pki_ssl_server_key_size=2048 -pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= -pki_subsystem_key_algorithm=SHA256withRSA -pki_subsystem_key_size=2048 -pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= -pki_token_name=internal -pki_user=pkiuser -############################################################################### -## 'Apache' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. 
## -############################################################################### -[Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 -############################################################################### -## 'Tomcat' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## -## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[Tomcat] -pki_ajp_port=12009 -pki_clone=False -pki_clone_pkcs12_path= -pki_clone_replication_security=None -pki_clone_uri= -pki_enable_java_debugger=False -pki_enable_proxy=False -pki_http_port=12080 -pki_https_port=12443 -pki_instance_name=kra-master -pki_proxy_http_port=80 -pki_proxy_https_port=443 -pki_security_manager=false -pki_tomcat_server_port=12005 -############################################################################### -## 'CA' Data: ## -## ## -## Values in this section are common to CA subsystems including 'PKI CAs', ## -## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## EXTERNAL CAs: To specify an 'External CA', change the value ## -## of 'pki_external' from 'False' to 'True'. ## -## ## -## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## -## of 'pki_subordinate' from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! 
## -############################################################################### -[CA] -pki_ca_signing_key_algorithm=SHA256withRSA -pki_ca_signing_key_size=2048 -pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= -pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= -pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= -pki_external_step_two=False -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= -pki_war_file=ca.war -############################################################################### -## 'KRA' Data: ## -## ## -## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[KRA] -pki_storage_key_algorithm=SHA256withRSA -pki_storage_key_size=2048 -pki_storage_key_type=rsa -pki_storage_nickname= -pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= -pki_transport_key_algorithm=SHA256withRSA -pki_transport_key_size=2048 -pki_transport_key_type=rsa -pki_transport_nickname= -pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= -pki_war_file=kra.war -############################################################################### -## 'OCSP' Data: ## -## ## -## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. 
## -############################################################################### -[OCSP] -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= -pki_war_file=ocsp.war -############################################################################### -## 'RA' Data: ## -## ## -## Values in this section are common to PKI RA subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[RA] -pki_subsystem=RA -pki_subsystem_name= -############################################################################### -## 'TKS' Data: ## -## ## -## Values in this section are common to TKS subsystems ## -## including 'PKI TKSs' and 'Cloned TKSs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TKS] -pki_subsystem=TKS -pki_subsystem_name= -pki_war_file=tks.war -############################################################################### -## 'TPS' Data: ## -## ## -## Values in this section are common to PKI TPS subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TPS] -pki_subsystem=TPS -pki_subsystem_name= diff --git a/scripts/kra-python-test.sh b/scripts/kra-python-test.sh new file mode 100755 index 0000000..403ce26 --- /dev/null +++ b/scripts/kra-python-test.sh 
@@ -0,0 +1,30 @@ +#!/bin/sh -x + +SRC_DIR=`cd ../.. ; pwd` + +INSTANCE_NAME=kra-master +SERVER_CERT_DIR=/var/lib/pki/$INSTANCE_NAME +CLIENT_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/kra/certs +CERT_NAME="transportCert cert-$INSTANCE_NAME" + +CLASSPATH=$SRC_DIR/pki/build/classes +CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-cli.jar +CLASSPATH=$CLASSPATH:/usr/lib64/java/jss4.jar +CLASSPATH=$CLASSPATH:/usr/share/java/commons-codec.jar + +#echo Secret123 > $CLIENT_CERT_DIR/password.txt +#certutil -N -d $CLIENT_CERT_DIR -f $CLIENT_CERT_DIR/password.txt + +# export transport certificate +certutil -L -d $SERVER_CERT_DIR/alias -n "$CERT_NAME" -a > $CLIENT_CERT_DIR/transport.pem +AtoB $CLIENT_CERT_DIR/transport.pem $CLIENT_CERT_DIR/transport.crt + +# import transport certificate +certutil -A -d $CLIENT_CERT_DIR -n "$CERT_NAME" -i $CLIENT_CERT_DIR/transport.pem -t u,u,u + +# generate options +java -classpath $CLASSPATH com.netscape.cms.servlet.test.GeneratePKIArchiveOptions -d $CLIENT_CERT_DIR -k $CLIENT_CERT_DIR/symkey.out -o $CLIENT_CERT_DIR/options.out -t $CLIENT_CERT_DIR/transport.crt -w Secret123 + +# run KRA test +cd $SRC_DIR/pki/base/kra/functional +python drmclient.py -d $CLIENT_CERT_DIR --options=options.out --symkey=symkey.out -p 12080 -n "$CERT_NAME" diff --git a/scripts/kra-remove.sh b/scripts/kra-remove.sh index b865456..c639ae3 100755 --- a/scripts/kra-remove.sh +++ b/scripts/kra-remove.sh @@ -3,4 +3,4 @@ SRC_DIR=`cd ../.. ; pwd` INSTANCE_NAME=kra-master -pkidestroy -s KRA -i $INSTANCE_NAME +pkidestroy -v -s KRA -i $INSTANCE_NAME diff --git a/scripts/kra-run.sh b/scripts/kra-run.sh index a83b102..b02a984 100755 --- a/scripts/kra-run.sh +++ b/scripts/kra-run.sh 
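Review bot: No step in scripts/kra-python-test.sh is checked, so a failed `certutil -L ... -a > $CLIENT_CERT_DIR/transport.pem` export still leaves an empty or stale transport.pem, and the script goes on to import it and to generate archive options against whatever transport.crt an earlier run left behind. Adding `set -e` after the shebang, quoting the `$CLIENT_CERT_DIR` and `$SERVER_CERT_DIR` expansions, and writing `cd "$SRC_DIR/pki/base/kra/functional" || exit 1` would stop the run at the first failure. The final `python drmclient.py ... -p 12080` uses the port that kra.cfg sets as `pki_http_port`, whereas kra-java-test.sh uses 12443 with `-s true`; if the plain-HTTP port is intentional, a comment should say so.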
@@ -1,3 +1,5 @@ #!/bin/sh -x -java -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n -classpath :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/kra-master -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/kra-master/temp -Djava.util.logging.config.file=/var/lib/pki/kra-master/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start +INSTANCE_NAME=kra-master + +java -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n -classpath :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/$INSTANCE_NAME -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/$INSTANCE_NAME/temp -Djava.util.logging.config.file=/var/lib/pki/$INSTANCE_NAME/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start diff --git a/scripts/kra.cfg b/scripts/kra.cfg new file mode 100644 index 0000000..5c8d7cf --- /dev/null +++ b/scripts/kra.cfg 
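Review bot: The rewritten `java` line in scripts/kra-run.sh keeps `-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n`, which opens an unauthenticated JDWP debug listener on the key-recovery subsystem's JVM; with a bare port, JDK releases before 9 listen on every interface, and anyone who can reach the port can run code in that process. Since the line is being edited anyway, I would bind the listener to loopback with `address=127.0.0.1:8000` and add a comment that the script is for local debugging only. The three `/var/lib/pki/$INSTANCE_NAME` expansions are unquoted, which is harmless for the fixed value but worth quoting if the name ever becomes a parameter.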
@@ -0,0 +1,228 @@ +############################################################################### +## 'Sensitive' Data: ## +## ## +## Values in this section pertain to various PKI subsystems, and contain ## +## required 'sensitive' information which MUST ALWAYS be provided by users. ## +## ## +## IMPORTANT: Sensitive data values must NEVER be displayed to the ## +## console NOR stored in log files!!! ## +############################################################################### +[Sensitive] +pki_admin_password=Secret123 +pki_backup_password=Secret123 +pki_client_database_password=Secret123 +pki_client_pkcs12_password=Secret123 +pki_clone_pkcs12_password=Secret123 +pki_ds_password=Secret123 +pki_security_domain_password=Secret123 +pki_token_password=Secret123 +############################################################################### +## 'Common' Data: ## +## ## +## Values in this section are common to more than one PKI subsystem, and ## +## contain required information which MAY be overridden by users as ## +## necessary. ## +## ## +## NOTE: Default values will be generated for any and all required ## +## 'common' data values which are left undefined. 
## +############################################################################### +[Common] +pki_admin_cert_request_type=crmf +pki_admin_domain_name= +pki_admin_dualkey=False +pki_admin_email=kraadmin@example.com +pki_admin_keysize=2048 +pki_admin_name=kraadmin +pki_admin_nickname=kraadmin +pki_admin_subject_dn= +pki_admin_uid=kraadmin +pki_audit_group=pkiaudit +pki_audit_signing_key_algorithm=SHA256withRSA +pki_audit_signing_key_size=2048 +pki_audit_signing_key_type=rsa +pki_audit_signing_nickname= +pki_audit_signing_signing_algorithm=SHA256withRSA +pki_audit_signing_subject_dn= +pki_audit_signing_token= +pki_backup_keys=False +pki_client_database_dir=/var/lib/pki/kra-master/kra/certs +pki_client_database_purge=False +pki_client_dir= +pki_ds_base_dn=dc=kra,dc=example,dc=com +pki_ds_bind_dn=cn=Directory Manager +pki_ds_database=kra +pki_ds_hostname= +pki_ds_ldap_port=389 +pki_ds_ldaps_port=636 +pki_ds_remove_data=True +pki_ds_secure_connection=False +pki_group=pkiuser +pki_issuing_ca= +pki_restart_configured_instance=True +pki_security_domain_hostname= +pki_security_domain_https_port=8443 +pki_security_domain_name=EXAMPLE +pki_security_domain_user=caadmin +pki_ssl_server_key_algorithm=SHA256withRSA +pki_ssl_server_key_size=2048 +pki_ssl_server_key_type=rsa +pki_ssl_server_nickname= +pki_ssl_server_subject_dn= +pki_ssl_server_token= +pki_subsystem_key_algorithm=SHA256withRSA +pki_subsystem_key_size=2048 +pki_subsystem_key_type=rsa +pki_subsystem_nickname= +pki_subsystem_subject_dn= +pki_subsystem_token= +pki_token_name=internal +pki_user=pkiuser +############################################################################### +## 'Apache' Data: ## +## ## +## Values in this section are common to PKI subsystems that run ## +## as an instance of 'Apache' (RA and TPS subsystems), and contain ## +## required information which MAY be overridden by users as necessary. 
## +############################################################################### +[Apache] +pki_instance_name=pki-apache +pki_http_port=80 +pki_https_port=443 +############################################################################### +## 'Tomcat' Data: ## +## ## +## Values in this section are common to PKI subsystems that run ## +## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## +## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## +## required information which MAY be overridden by users as necessary. ## +## ## +## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## +## or a 'TKS Clone', change the value of 'pki_clone' ## +## from 'False' to 'True'. ## +## ## +## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## +## are MUTUALLY EXCLUSIVE entities!!! ## +############################################################################### +[Tomcat] +pki_ajp_port=12009 +pki_clone=False +pki_clone_pkcs12_path= +pki_clone_replication_security=None +pki_clone_uri= +pki_enable_java_debugger=False +pki_enable_proxy=False +pki_http_port=12080 +pki_https_port=12443 +pki_instance_name=kra-master +pki_proxy_http_port=80 +pki_proxy_https_port=443 +pki_security_manager=false +pki_tomcat_server_port=12005 +############################################################################### +## 'CA' Data: ## +## ## +## Values in this section are common to CA subsystems including 'PKI CAs', ## +## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## +## required information which MAY be overridden by users as necessary. ## +## ## +## EXTERNAL CAs: To specify an 'External CA', change the value ## +## of 'pki_external' from 'False' to 'True'. ## +## ## +## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## +## of 'pki_subordinate' from 'False' to 'True'. ## +## ## +## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## +## are MUTUALLY EXCLUSIVE entities!!! 
## +############################################################################### +[CA] +pki_ca_signing_key_algorithm=SHA256withRSA +pki_ca_signing_key_size=2048 +pki_ca_signing_key_type=rsa +pki_ca_signing_nickname= +pki_ca_signing_signing_algorithm=SHA256withRSA +pki_ca_signing_subject_dn= +pki_ca_signing_token= +pki_external=False +pki_external_ca_cert_chain_path= +pki_external_ca_cert_path= +pki_external_csr_path= +pki_external_step_two=False +pki_ocsp_signing_key_algorithm=SHA256withRSA +pki_ocsp_signing_key_size=2048 +pki_ocsp_signing_key_type=rsa +pki_ocsp_signing_nickname= +pki_ocsp_signing_signing_algorithm=SHA256withRSA +pki_ocsp_signing_subject_dn= +pki_ocsp_signing_token= +pki_subordinate=False +pki_subsystem=CA +pki_subsystem_name= +############################################################################### +## 'KRA' Data: ## +## ## +## Values in this section are common to KRA subsystems ## +## including 'PKI KRAs' and 'Cloned KRAs', and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[KRA] +pki_storage_key_algorithm=SHA256withRSA +pki_storage_key_size=2048 +pki_storage_key_type=rsa +pki_storage_nickname= +pki_storage_signing_algorithm=SHA256withRSA +pki_storage_subject_dn= +pki_storage_token= +pki_subsystem=KRA +pki_subsystem_name= +pki_transport_key_algorithm=SHA256withRSA +pki_transport_key_size=2048 +pki_transport_key_type=rsa +pki_transport_nickname= +pki_transport_signing_algorithm=SHA256withRSA +pki_transport_subject_dn= +pki_transport_token= +############################################################################### +## 'OCSP' Data: ## +## ## +## Values in this section are common to OCSP subsystems ## +## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## +## required information which MAY be overridden by users as necessary. 
## +############################################################################### +[OCSP] +pki_ocsp_signing_key_algorithm=SHA256withRSA +pki_ocsp_signing_key_size=2048 +pki_ocsp_signing_key_type=rsa +pki_ocsp_signing_nickname= +pki_ocsp_signing_signing_algorithm=SHA256withRSA +pki_ocsp_signing_subject_dn= +pki_ocsp_signing_token= +pki_subsystem=OCSP +pki_subsystem_name= +############################################################################### +## 'RA' Data: ## +## ## +## Values in this section are common to PKI RA subsystems, and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[RA] +pki_subsystem=RA +pki_subsystem_name= +############################################################################### +## 'TKS' Data: ## +## ## +## Values in this section are common to TKS subsystems ## +## including 'PKI TKSs' and 'Cloned TKSs', and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[TKS] +pki_subsystem=TKS +pki_subsystem_name= +############################################################################### +## 'TPS' Data: ## +## ## +## Values in this section are common to PKI TPS subsystems, and contain ## +## required information which MAY be overridden by users as necessary. ## +############################################################################### +[TPS] +pki_subsystem=TPS +pki_subsystem_name= -- cgit
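Review bot: The new `[Sensitive]` section of scripts/kra.cfg commits eight identical literal passwords (`Secret123`) directly under a banner stating that these values must be provided by users and never displayed or logged, and kra-create.sh in this commit feeds the file to a verbose run that is tee'd into build/kra-create.log. If the file is meant only for throwaway test instances, a line such as `## TEST-ONLY credentials: never reuse for a real instance` above `[Sensitive]` would make that explicit; otherwise the values should be left empty and supplied at deploy time. `pki_ds_secure_connection=False` together with `pki_ds_password` presumably means the Directory Manager bind goes over port 389 unencrypted, which deserves a comment as well.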