From 71bbe9874375a7493679c71dc3501f239765ce3f Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Thu, 20 Jul 2017 08:50:56 +0200
Subject: Added third-party CA scripts.
---
scripts/third-party-create.sh | 27 +++++++++++++++++++++++++++
scripts/third-party-import.sh | 3 +++
2 files changed, 30 insertions(+)
create mode 100755 scripts/third-party-create.sh
create mode 100755 scripts/third-party-import.sh
(limited to 'scripts')
diff --git a/scripts/third-party-create.sh b/scripts/third-party-create.sh
new file mode 100755
index 0000000..a043a5c
--- /dev/null
+++ b/scripts/third-party-create.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+rm -rf third
+mkdir third
+echo Secret123 > third/password.txt
+certutil -N -d third -f third/password.txt
+openssl rand -out third/noise.bin 2048
+
+# generate external CA certificate
+
+echo -e "y\n\ny\n" | \
+ certutil -S \
+ -d third \
+ -f third/password.txt \
+ -z third/noise.bin \
+ -n "Third-party CA" \
+ -s "CN=Third-party CA,O=OTHER" \
+ -x \
+ -t "CTu,Cu,Cu" \
+ -m $RANDOM\
+ -2 \
+ --keyUsage certSigning \
+ --nsCertType sslCA,smimeCA,objectSigningCA
+
+certutil -L -d third -n "Third-party CA" -a > third-party.crt
+
+openssl crl2pkcs7 -nocrl -certfile third-party.crt -out third-party.p7b
diff --git a/scripts/third-party-import.sh b/scripts/third-party-import.sh
new file mode 100755
index 0000000..e552b9e
--- /dev/null
+++ b/scripts/third-party-import.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+certutil -A -d /var/lib/pki/pki-tomcat/alias -n "Third-party CA" -t "CT,C,C" -i third-party.crt
-- cgit
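Review bot: In scripts/third-party-create.sh the `#!/bin/sh` shebang does not match the body, which relies on `echo -e` and `$RANDOM`. Where /bin/sh is not bash (dash, for example), `$RANDOM` expands to nothing, so `-m` would be left to take the following `-2` as its value, and `echo -e` would put a literal `-e` into the answers piped to certutil. Changing the shebang to `#!/bin/bash`, or using `printf 'y\n\ny\n'` and a serial that does not depend on `$RANDOM`, would fix this. Separately, the NSS database password is the fixed literal `Secret123`, written under the default umask, and there is no `set -e`, so the later steps still run after a failed `certutil -N`. If the script is meant only for test setups, a header comment such as `# Test-only: creates a throwaway CA protected by a well-known password` would make that explicit.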
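Review bot: In scripts/third-party-import.sh the certificate is added with `-t "CT,C,C"`, which marks it as a trusted CA for SSL server and client certificates, S/MIME and object signing in the server's NSS database. It is read from `third-party.crt` in whatever the current directory happens to be, with no check of what that file contains. If only TLS trust is needed, `-t "CT,,"` would narrow the grant, and a comment such as `# Run from the directory where third-party-create.sh wrote third-party.crt` would document the expected working directory. The instance path `/var/lib/pki/pki-tomcat/alias` is also hard-coded, so the script silently assumes the default instance name.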