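#!/bin/sh
#
# Export the certificates and certificate requests of an existing
# pki-tomcat CA instance into ./tmp (relative to the current directory):
#
#   tmp/<nickname>.crt  PEM certificate listed from the instance NSS database
#   tmp/<nickname>.csr  PEM request rebuilt from the ca.<tag>.certreq value
#                       stored in the CA's CS.cfg
#
# Only public material (certificates and requests) is written by the active
# code. The commented-out commands below are kept for reference.

# Stop at the first failing command or unset variable, so that a failed
# export cannot leave an empty .crt/.csr behind for a later step to consume.
set -eu
# Trace each command. The original requested this through "#!/bin/sh -x",
# which is lost when the script is started as "sh script.sh".
set -x

NSS_DB=/var/lib/pki/pki-tomcat/alias
CS_CFG=/var/lib/pki/pki-tomcat/ca/conf/CS.cfg
OUT_DIR=tmp

# Print a message on stderr and abort.
die() {
    echo "error: $*" >&2
    exit 1
}

# Write the certificate stored under NSS nickname $1 to $OUT_DIR/$1.crt.
export_cert() {
    cert_nickname=$1
    cert_file="$OUT_DIR/$cert_nickname.crt"
    if ! certutil -L -d "$NSS_DB" -n "$cert_nickname" -a > "$cert_file"; then
        # The redirection has already created the file; do not leave it behind.
        rm -f -- "$cert_file"
        die "cannot export certificate '$cert_nickname' from $NSS_DB"
    fi
}

# Rebuild the request stored as ca.$1.certreq in CS.cfg as $OUT_DIR/$2.csr.
# The CS.cfg tag ($1) and the output name ($2) differ for the three CA
# signing certificates (e.g. tag "signing", file "ca_signing.csr").
export_csr() {
    csr_tag=$1
    csr_file="$OUT_DIR/$2.csr"
    # Dots are escaped so that only the literal key name matches.
    csr_body=$(sed -n "/^ca\.$csr_tag\.certreq=/ s/^[^=]*=// p" < "$CS_CFG") ||
        die "cannot read $CS_CFG"
    # A missing key would otherwise produce a header/footer-only file.
    [ -n "$csr_body" ] || die "ca.$csr_tag.certreq not found in $CS_CFG"
    {
        echo "-----BEGIN NEW CERTIFICATE REQUEST-----"
        printf '%s\n' "$csr_body"
        echo "-----END NEW CERTIFICATE REQUEST-----"
    } > "$csr_file"
}

[ -r "$CS_CFG" ] || die "cannot read $CS_CFG"
mkdir -p -- "$OUT_DIR"

# NOTE(security): if the commands below are re-enabled, tmp/internal.txt will
# hold the NSS internal token password in cleartext and tmp/ca-certs.p12 will
# hold the CA private keys. Create them under "umask 077", keep tmp/ out of
# shared or backed-up locations, and delete internal.txt once the export is done.
#grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > tmp/internal.txt
#PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca-certs.p12
#PKCS12Export -d /var/lib/pki/pki-tomcat/alias -p tmp/internal.txt -w password.txt -o tmp/ca-certs.p12

#pki pkcs12-cert-find --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt
#pki pkcs12-key-find --pkcs12-file tmp/ca-certs.p12 --pkcs12-password-file password.txt

for nickname in ca_signing ca_ocsp_signing ca_audit_signing subsystem sslserver; do
    export_cert "$nickname"
done

export_csr signing ca_signing
export_csr ocsp_signing ca_ocsp_signing
export_csr sslserver sslserver
export_csr subsystem subsystem
export_csr audit_signing ca_audit_signing

# NOTE(security): ca_admin_cert.p12 contains the CA administrator's private
# key; copy it only into a directory readable by the operator alone.
#cp ~/.dogtag/pki-tomcat/ca_admin.cert tmp
#cp ~/.dogtag/pki-tomcat/ca_admin_cert.p12 tmp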