blob: 2fdecde3f58708161611dee5e8484e54b6c5a503 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
#!/bin/sh -x
mkdir -p build
cp ca_signing.crt /tmp
cp external.crt /tmp
PIN=`grep preop.pin= /var/lib/pki-ca/conf/CS.cfg | awk -F= '{ print $2; }'`
NSSDB_PASSWORD=`grep internal= /var/lib/pki-ca/conf/password.conf | awk -F = '{ print $2; }'`
pkisilent ConfigureCA \
-cs_hostname $HOSTNAME \
-cs_port 9443 \
-preop_pin $PIN \
-client_certdb_dir /var/lib/pki-ca/certs \
-client_certdb_pwd Secret123 \
-token_name internal \
-domain_name EXAMPLE-COM \
-subsystem_name 'Certificate Authority' \
-ldap_host $HOSTNAME \
-ldap_port 389 \
-base_dn ou=ca,dc=example,dc=com \
-db_name example.com-pki-ca \
-bind_dn 'cn=Directory Manager' \
-bind_password Secret123 \
-remove_data true \
-key_type rsa \
-key_size 2048 \
-key_algorithm SHA256withRSA \
-signing_signingalgorithm SHA256withRSA \
-save_p12 true \
-backup_fname /var/lib/pki-ca/certs/ca-server-certs.p12 \
-backup_pwd Secret123 \
-ca_sign_cert_subject_name 'CN=Certificate Authority,O=EXAMPLE-COM' \
-ca_ocsp_cert_subject_name 'CN=OCSP Signing Certificate,O=EXAMPLE-COM' \
-ca_server_cert_subject_name CN=$HOSTNAME,O=EXAMPLE-COM \
-ca_subsystem_cert_subject_name 'CN=CA Subsystem Certificate,O=EXAMPLE-COM' \
-ca_audit_signing_cert_subject_name 'CN=CA Audit Signing Certificate,O=EXAMPLE-COM' \
-admin_user caadmin \
-agent_name caadmin \
-admin_email caadmin@example.com \
-admin_password Secret123 \
-agent_key_size 2048 \
-agent_key_type rsa \
-agent_cert_subject CN=caadmin,UID=caadmin,E=caadmin@example.com,O=EXAMPLE-COM \
-external true \
-ext_ca_cert_file /tmp/ca_signing.crt \
-ext_ca_cert_chain_file /tmp/external.crt | tee build/external-step2.log
|