#!/bin/sh #### CA Cert #### pki cert-show --output external_ca.cert 0x1 #pki cert-show --output external_ca_chain.cert 0x1 #### Admin Cert #### REQUEST_ID=`pki ca-cert-request-submit --profile caUserCert --csr-file ocsp_admin.csr --subject uid=ocspadmin | grep "Request ID:" | awk -F ': ' '{print $2;}'` echo Request ID: $REQUEST_ID CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` echo Certificate ID: $CERT_ID pki cert-show --output ocsp_admin.cert $CERT_ID #### OCSP Signing Cert #### REQUEST_ID=`pki ca-cert-request-submit --profile caOCSPSigningCert --csr-file ocsp_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` echo Request ID: $REQUEST_ID CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` echo Certificate ID: $CERT_ID pki cert-show --output ocsp_signing.cert $CERT_ID #### Server Cert #### REQUEST_ID=`pki ca-cert-request-submit --profile caServerCert --csr-file ocsp_sslserver.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` echo Request ID: $REQUEST_ID CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` echo Certificate ID: $CERT_ID pki cert-show --output ocsp_sslserver.cert $CERT_ID #### Subsystem Cert #### REQUEST_ID=`pki ca-cert-request-submit --profile caSubsystemCert --csr-file ocsp_subsystem.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` echo Request ID: $REQUEST_ID CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` echo Certificate ID: $CERT_ID pki cert-show --output ocsp_subsystem.cert $CERT_ID #### Audit Signing Cert #### REQUEST_ID=`pki ca-cert-request-submit --profile caSignedLogCert --csr-file ocsp_audit_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` echo Request ID: $REQUEST_ID CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` echo Certificate ID: $CERT_ID pki cert-show --output ocsp_audit_signing.cert $CERT_ID