path: root/scripts/ca-p12-export.sh
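#!/bin/sh
#
# Export the CA subsystem's system certificates, their keys and their CSRs.
#
# Run from the directory that holds password.txt, the file passed to
# pki-server as --pkcs12-password-file. Outputs, in the current directory:
#   ca.p12                  signing, ocsp_signing, subsystem and audit_signing
#                           certificates exported by pki-server
#   ca_signing.csr, ca_ocsp_signing.csr, subsystem.csr, ca_audit_signing.csr
#
# ca.p12 is a key bundle (its keys are listed at the end of this script), so
# ca.p12 together with password.txt must be handled like the CA keys themselves.

# -e: stop at the first failed export instead of appending to a bundle that is
#     already incomplete; -u: catch typos in variable names; -x: trace commands
#     (only file names appear on the command lines, never the password itself).
set -eux

# Everything created below, ca.p12 in particular, must not be readable by other
# local users regardless of the umask the caller happens to have.
umask 077

# Fail before deleting the previous outputs if the password file is missing.
if [ ! -r password.txt ]; then
  echo "ca-p12-export: password.txt not found or not readable in $(pwd)" >&2
  exit 1
fi

# Remove the results of a previous run. Plain -f (not -rf): these are regular
# files, and a directory of the same name should be reported, not deleted.
rm -f -- \
  ca.p12 \
  ca_signing.csr \
  ca_ocsp_signing.csr \
  sslserver.csr \
  subsystem.csr \
  ca_audit_signing.csr

# Previous approach, kept for reference only. If it is ever re-enabled, note
# that the first command writes the "internal" password from password.conf to
# internal.txt in the working directory and nothing removes that file.
#grep internal= /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2;}' > internal.txt
#PKCS12Export -d /var/lib/pki/pki-tomcat/alias -p internal.txt -o ca.p12 -w password.txt

#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_signing.csr
#grep ca.signing.certreq /var/lib/pki/pki-tomcat/ca/conf/CS.cfg | awk -F= '{print $2;}' >> ca_signing.csr
#echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_signing.csr

#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_ocsp_signing.csr
#sed -n "/^ca.ocsp_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_ocsp_signing.csr
#echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_ocsp_signing.csr

#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > sslserver.csr
#sed -n "/^ca.sslserver.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> sslserver.csr
#echo "-----END NEW CERTIFICATE REQUEST-----" >> sslserver.csr

#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > subsystem.csr
#sed -n "/^ca.subsystem.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> subsystem.csr
#echo "-----END NEW CERTIFICATE REQUEST-----" >> subsystem.csr

#echo "-----BEGIN NEW CERTIFICATE REQUEST-----" > ca_audit_signing.csr
#sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> ca_audit_signing.csr
#echo "-----END NEW CERTIFICATE REQUEST-----" >> ca_audit_signing.csr

# The first export creates ca.p12; every later one passes --append to add to it.
pki-server subsystem-cert-export ca signing \
  --csr-file ca_signing.csr \
  --pkcs12-file ca.p12 \
  --pkcs12-password-file password.txt

pki-server subsystem-cert-export ca ocsp_signing \
  --append \
  --csr-file ca_ocsp_signing.csr \
  --pkcs12-file ca.p12 \
  --pkcs12-password-file password.txt

# The SSL server certificate is deliberately left out of the bundle.
#pki-server subsystem-cert-export ca sslserver \
#  --append \
#  --csr-file sslserver.csr \
#  --pkcs12-file ca.p12 \
#  --pkcs12-password-file password.txt

pki-server subsystem-cert-export ca subsystem \
  --append \
  --csr-file subsystem.csr \
  --pkcs12-file ca.p12 \
  --pkcs12-password-file password.txt

pki-server subsystem-cert-export ca audit_signing \
  --append \
  --csr-file ca_audit_signing.csr \
  --pkcs12-file ca.p12 \
  --pkcs12-password-file password.txt

# List the certificates and keys that ended up in ca.p12 so the operator can
# confirm the bundle is complete before it is moved anywhere.
pki pkcs12-cert-find --pkcs12-file ca.p12 --pkcs12-password-file password.txt
pki pkcs12-key-find --pkcs12-file ca.p12 --pkcs12-password-file password.txt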