path: root/scripts/firefox-certs-import-merged.sh
blob: 953984c15c0e28fe659ec57491642cb72ae845da (plain)
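#!/bin/sh
#
# Import the certificates of a PKI deployment whose CA, KRA, OCSP and TKS
# subsystems all live in one Tomcat instance into a user's Firefox profile.
#
# Usage: firefox-certs-import-merged.sh [user]
#   user - optional account name; the profile is looked up under /home/<user>.
#          When omitted, the caller's own $HOME is used.

user=${1:-}

# The name is spliced into a filesystem path below, so refuse anything that
# could step outside /home (path separators, "." and "..").
case "$user" in
    */* | . | ..)
        echo "Invalid user name: $user" >&2
        exit 1
        ;;
esac

# POSIX test has no "==" operator; -z is the portable emptiness check.
if [ -z "$user" ]; then
    home=$HOME
else
    home=/home/$user
fi

echo "HOME=$home"

SRC_DIR=$(cd ../.. && pwd)

FIREFOX_DIR=$home/.mozilla/firefox

if [ ! -r "$FIREFOX_DIR/profiles.ini" ]; then
    echo "Cannot read $FIREFOX_DIR/profiles.ini" >&2
    exit 1
fi

# profiles.ini may list several profiles. A multi-line value would be split
# into extra arguments wherever $PROFILE is expanded unquoted, so only the
# first Path= entry is used.
PROFILE=$(awk -F= '/^Path=/ { print $2; exit }' "$FIREFOX_DIR/profiles.ini")

if [ -z "$PROFILE" ]; then
    echo "No Path= entry found in $FIREFOX_DIR/profiles.ini" >&2
    exit 1
fi

# All four subsystems share the same Tomcat instance in this layout.
CA_INSTANCE_NAME=pki-tomcat
KRA_INSTANCE_NAME=pki-tomcat
OCSP_INSTANCE_NAME=pki-tomcat
TKS_INSTANCE_NAME=pki-tomcat

# Nickname under which the admin certificate appears after the PKCS #12 import.
CA_ADMIN_CERT_NICKNAME="PKI Administrator's idm.lab.bos.redhat.com Security Domain ID"
KRA_ADMIN_CERT_NICKNAME="PKI Administrator's idm.lab.bos.redhat.com Security Domain ID"
OCSP_ADMIN_CERT_NICKNAME="PKI Administrator's idm.lab.bos.redhat.com Security Domain ID"
TKS_ADMIN_CERT_NICKNAME="PKI Administrator's idm.lab.bos.redhat.com Security Domain ID"

# NOTE(review): every *_CERT_P12 below resolves to the same ca_admin_cert.p12,
# presumably because the merged instance has a single admin certificate.
# Confirm before changing.
CA_CERT_DIR=/var/lib/pki/$CA_INSTANCE_NAME/alias
CA_CERT_P12=$CA_CERT_DIR/ca_admin_cert.p12

KRA_CERT_DIR=/var/lib/pki/$KRA_INSTANCE_NAME/alias
KRA_CERT_P12=$KRA_CERT_DIR/ca_admin_cert.p12

OCSP_CERT_DIR=/var/lib/pki/$OCSP_INSTANCE_NAME/alias
OCSP_CERT_P12=$OCSP_CERT_DIR/ca_admin_cert.p12

TKS_CERT_DIR=/var/lib/pki/$TKS_INSTANCE_NAME/alias
TKS_CERT_P12=$TKS_CERT_DIR/ca_admin_cert.p12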

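################################################################################
# Importing CA certificate
################################################################################

CA_CERT_NAME="caSigningCert cert-$CA_INSTANCE_NAME CA"

# Export the CA signing certificate from the instance's NSS database in ASCII
# form (-a), convert it with AtoB, then add it to the Firefox profile.
# The import is skipped when the export fails, so a truncated or empty ca.pem
# is never offered to the browser as a trust anchor.
echo Exporting CA certificate...
if certutil -L -d "$CA_CERT_DIR" -n "$CA_CERT_NAME" -a > "$CA_CERT_DIR/ca.pem"; then
    AtoB "$CA_CERT_DIR/ca.pem" "$CA_CERT_DIR/ca.crt"

    echo Importing CA certificate...
    # Trust string CT,C,C: trusted CA for TLS server and client certificates,
    # and trusted CA for e-mail and object signing. This is browser-wide trust
    # for everything the CA issues.
    certutil -A -d "$FIREFOX_DIR/$PROFILE" -n "$CA_CERT_NAME" -i "$CA_CERT_DIR/ca.pem" -t CT,C,C
else
    echo "Failed to export '$CA_CERT_NAME' from $CA_CERT_DIR; skipping import" >&2
fi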

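################################################################################
# Importing server certificate
################################################################################

SERVER_CERT_NAME="Server-Cert cert-$CA_INSTANCE_NAME"

# Export the instance's TLS server certificate and add it to the Firefox
# profile. The import is skipped when the export fails.
echo Exporting server certificate...
if certutil -L -d "$CA_CERT_DIR" -n "$SERVER_CERT_NAME" -a > "$CA_CERT_DIR/server.pem"; then
    AtoB "$CA_CERT_DIR/server.pem" "$CA_CERT_DIR/server.crt"

    echo Importing server certificate...
    # NOTE(review): CT,C,C gives this certificate CA-level trust bits, the
    # same as the CA certificate itself. A server (leaf) certificate normally
    # needs none, since it already chains to the imported CA. Consider a
    # narrower trust string such as "P,," or dropping this import.
    certutil -A -d "$FIREFOX_DIR/$PROFILE" -n "$SERVER_CERT_NAME" -i "$CA_CERT_DIR/server.pem" -t CT,C,C
else
    echo "Failed to export '$SERVER_CERT_NAME' from $CA_CERT_DIR; skipping import" >&2
fi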

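################################################################################
# Importing CA, KRA, OCSP and TKS admin certificates
################################################################################

# Password protecting the admin PKCS #12 files. The built-in default is kept so
# existing lab setups keep working; set PKCS12_PASSWORD in the environment for
# anything else.
PKCS12_PASSWORD=${PKCS12_PASSWORD:-Secret123}

# The password is handed to pk12util through a private temporary file (-w)
# rather than on the command line (-W), where any local user could read it
# from the process list while the import runs.
P12_PWFILE=$(mktemp) || {
    echo "Cannot create temporary password file" >&2
    exit 1
}
cleanup_pwfile() { rm -f -- "$P12_PWFILE"; }
trap cleanup_pwfile EXIT
trap 'exit 1' HUP INT TERM
printf '%s\n' "$PKCS12_PASSWORD" > "$P12_PWFILE"

#######################################
# Import one admin certificate and key into the Firefox profile.
# Globals:   FIREFOX_DIR, PROFILE, P12_PWFILE (read)
# Arguments: $1 - subsystem label used in the progress message
#            $2 - path of the PKCS #12 file
#            $3 - nickname of the imported certificate
# Returns:   0 when the file does not exist (nothing to do); otherwise the
#            status of the final certutil call
#######################################
import_admin_cert() {
    [ -e "$2" ] || return 0

    echo "Importing $1 admin certificate..."
    pk12util -i "$2" -d "$FIREFOX_DIR/$PROFILE" -w "$P12_PWFILE" ||
        echo "pk12util could not import $2" >&2
    # Runs even after a failed import, as before: the certificate may already
    # be present in the profile from an earlier run.
    certutil -M -n "$3" -t u,u,u -d "$FIREFOX_DIR/$PROFILE"
}

import_admin_cert CA "$CA_CERT_P12" "$CA_ADMIN_CERT_NICKNAME"
import_admin_cert KRA "$KRA_CERT_P12" "$KRA_ADMIN_CERT_NICKNAME"
import_admin_cert OCSP "$OCSP_CERT_P12" "$OCSP_ADMIN_CERT_NICKNAME"
import_admin_cert TKS "$TKS_CERT_P12" "$TKS_ADMIN_CERT_NICKNAME"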