blob: bbdf33c76be2b1d3e18adaa6c85dea151f7f102c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
#!/bin/sh -x
PKI_DEV_SRC=`cd .. ; pwd`
INSTANCE_NAME=pki-ca
PASSWORD=Secret123
PIN=`grep preop.pin= /var/lib/$INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'`
REALM=EXAMPLE-COM
CERTS=$PKI_DEV_SRC/certs/ca
rm -rf $CERTS
mkdir -p $CERTS
pkisilent ConfigureCA \
-cs_hostname $HOSTNAME \
-cs_port 9443 \
-preop_pin $PIN \
-client_certdb_dir "$CERTS" \
-client_certdb_pwd "$PASSWORD" \
-token_name "internal" \
-domain_name "$REALM" \
-subsystem_name "Certificate Authority" \
-ldap_host "localhost" \
-ldap_port "389" \
-base_dn "ou=ca,dc=example,dc=com" \
-db_name "example.com-$INSTANCE_NAME" \
-bind_dn "cn=Directory Manager" \
-bind_password "$PASSWORD" \
-remove_data true \
-key_type rsa \
-key_size 2048 \
-key_algorithm SHA256withRSA \
-signing_signingalgorithm SHA256withRSA \
-save_p12 true \
-backup_fname "$CERTS/ca-server-certs.p12" \
-backup_pwd "$PASSWORD" \
-ca_sign_cert_subject_name "CN=Certificate Authority,O=$REALM" \
-ca_ocsp_cert_subject_name "CN=OCSP Signing Certificate,O=$REALM" \
-ca_server_cert_subject_name "CN=$HOSTNAME,O=$REALM" \
-ca_subsystem_cert_subject_name "CN=CA Subsystem Certificate,O=$REALM" \
-ca_audit_signing_cert_subject_name "CN=CA Audit Signing Certificate,O=$REALM" \
-admin_user "caadmin" \
-agent_name "caadmin" \
-admin_email "caadmin@example.com" \
-admin_password "$PASSWORD" \
-agent_key_size 2048 \
-agent_key_type rsa \
-agent_cert_subject "CN=caadmin,UID=caadmin,E=caadmin@example.com,O=$REALM"
echo $PASSWORD > "$CERTS/password.txt"
PKCS12Export -d "$CERTS" -o "$CERTS/ca-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
systemctl restart pki-cad@$INSTANCE_NAME.service
|
