#!/bin/sh -x

mkdir -p tmp

ROOT=`cat tmp/rootca.txt`

cat > tmp/subca.cfg << EOF
[DEFAULT]
pki_pin=Secret.123

#pki_https_port=9443
#pki_http_port=9443

#[Tomcat]
#pki_ajp_port=9009
#pki_tomcat_server_port=9005

[CA]
pki_admin_email=caadmin@example.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=Secret.123
pki_admin_uid=caadmin

pki_subordinate=True
pki_issuing_ca_hostname=$ROOT
pki_issuing_ca_https_port=8443
pki_ca_signing_subject_dn=cn=Subordinate CA Signing Certificate,o=SUBORDINATE

pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123

pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
pki_ds_database=ca
pki_ds_password=Secret.123

pki_security_domain_hostname=$ROOT
pki_security_domain_https_port=8443
pki_security_domain_user=caadmin
pki_security_domain_password=Secret.123

#pki_subordinate_create_new_security_domain=True
#pki_subordinate_security_domain_name=SUBORDINATE

#pki_ca_signing_nickname=edewata/%(pki_instance_name)s/ca_signing
#pki_ocsp_signing_nickname=edewata/%(pki_instance_name)s/ca_ocsp_signing
#pki_audit_signing_nickname=edewata/%(pki_instance_name)s/ca_audit_signing
#pki_sslserver_nickname=edewata/%(pki_instance_name)s/sslserver
#pki_subsystem_nickname=edewata/%(pki_instance_name)s/subsystem

pki_ca_signing_nickname=ca_signing
pki_ocsp_signing_nickname=ca_ocsp_signing
pki_audit_signing_nickname=ca_audit_signing
pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem
EOF

pkispawn -v -f tmp/subca.cfg -s CA