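#!/bin/bash
#
# Prepares the NSS database of a Directory Server instance for a test setup:
#   1. writes the database password to password.txt and pin.txt,
#   2. sets that password on the NSS database (certutil -W),
#   3. creates a self-signed "DS CA Signing Certificate" and exports it to
#      ca.crt,
#   4. signs the request in ds.csr with that CA, writing ds.crt,
#   5. exports the certificate nicknamed "$HOSTNAME" to $HOSTNAME.crt.
#
# Inputs expected in the current directory: noise.bin (passed to -z) and
# ds.csr (the request to sign).
#
# bash is required: the script relies on $RANDOM and $HOSTNAME, which a
# strictly POSIX /bin/sh does not provide.
#
# SECURITY: PASSWORD below is a fixed, publicly visible value. Treat every key
# protected by it as a throw-away test key and replace the password before
# using this anywhere that matters.

INSTANCE=pki-tomcat
PASSWORD=Secret123
NSSDB_DIR=/etc/dirsrv/slapd-$INSTANCE

# Create both secret files under a restrictive umask so they are never
# readable by other users, not even in the short window before chmod runs.
# The subshell keeps the umask from affecting the certificate files written
# later. Command tracing is still off here so the password is not echoed into
# the trace output.
(
  umask 077
  printf '%s\n' "$PASSWORD" > "$NSSDB_DIR/password.txt"
  printf '%s\n' "Internal (Software) Token:$PASSWORD" > "$NSSDB_DIR/pin.txt"
)

# user:group is the supported separator; the user.group form is deprecated.
chown nobody:nobody "$NSSDB_DIR/password.txt"
chmod 400 "$NSSDB_DIR/password.txt"

chown nobody:nobody "$NSSDB_DIR/pin.txt"
chmod 400 "$NSSDB_DIR/pin.txt"

# From here on no command line contains the password (certutil reads it from
# the file given with -f), so tracing is safe to enable.
set -x

# Set the NSS database password to the value stored in password.txt.
certutil -W -d "$NSSDB_DIR" -f "$NSSDB_DIR/password.txt"

# Self-signed CA certificate. The piped answers feed the interactive prompts
# raised by -2 (basic constraints): "y" = is a CA, blank = no path length
# constraint, "y" = critical extension.
# NOTE(review): $RANDOM yields only 0..32767, so this serial and the one used
# for ds.crt below can collide; acceptable for a test CA only.
printf 'y\n\ny\n\n' | \
  certutil -S -x \
    -d "$NSSDB_DIR" \
    -f "$NSSDB_DIR/password.txt" \
    -z noise.bin \
    -n "DS CA Signing Certificate" \
    -s "CN=DS CA Signing Certificate" \
    -t "CTu,Cu,Cu" \
    -m "$RANDOM" \
    -2 \
    --keyUsage certSigning \
    --nsCertType sslCA,smimeCA,objectSigningCA

# Export the CA certificate in ASCII (PEM) form.
certutil -L -d "$NSSDB_DIR" -n "DS CA Signing Certificate" -a > ca.crt

# Sign ds.csr with the CA created above. The piped answers drive the -1 (key
# usage) menu followed by the -2 (basic constraints) prompts.
# NOTE(review): going by certutil's interactive menus, these answers appear to
# select certificate- and CRL-signing key usage and to mark the issued
# certificate as a CA. If ds.csr is a server (leaf) request, that grants it
# more than it needs; confirm this is intended.
printf '0\n1\n5\n6\n9\ny\ny\n\ny\n\n' | \
  certutil -C -a \
    -d "$NSSDB_DIR" \
    -f "$NSSDB_DIR/password.txt" \
    -m "$RANDOM" \
    -i ds.csr \
    -o ds.crt \
    -c "DS CA Signing Certificate" \
    -1 -2

# Disabled alternative: create a self-signed certificate nicknamed "$HOSTNAME"
# directly in the database instead of signing a request.
#printf '0\n1\n2\n3\n9\ny\n\n' | \
# certutil -S -x \
# -d "$NSSDB_DIR" \
# -f "$NSSDB_DIR/password.txt" \
# -z noise.bin \
# -n "$HOSTNAME" \
# -s "CN=$HOSTNAME" \
# -t "CT,C,C" \
# -m "$RANDOM" \
# -1

# Export the certificate nicknamed "$HOSTNAME". Nothing in this script creates
# that nickname (the block above is disabled), so it presumably must already
# exist in the database; verify before relying on the output file.
certutil -L -d "$NSSDB_DIR" -n "$HOSTNAME" -a > "$HOSTNAME.crt"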