blob: 4a53a0ba02f35094ffefe8e5d70e101be2c79ad3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
#!/bin/sh -x
. ./tps-include.sh
PIN=`grep preop.pin= $INSTANCE_ROOT/$TPS_INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'`
CERTS=$SRC_DIR/pki-dev/certs/tps
rm -rf $CERTS
mkdir -p $CERTS
if [ "$TPS_SECURE_PORT" == "" ]; then
PORT="$TPS_ADMIN_SECURE_PORT"
else
PORT="$TPS_SECURE_PORT"
fi
pkisilent ConfigureTPS \
-cs_hostname $HOSTNAME \
-cs_port $PORT \
-cs_clientauth_port $PORT \
-preop_pin $PIN \
-client_certdb_dir "$CERTS" \
-client_certdb_pwd "$PASSWORD" \
-token_name "internal" \
-sd_hostname "$HOSTNAME" \
-sd_admin_port 9443 \
-sd_ssl_port 9443 \
-sd_agent_port 9443 \
-sd_admin_name "caadmin" \
-sd_admin_password "$PASSWORD" \
-domain_name "$REALM" \
-subsystem_name "$TPS_SUBSYSTEM_NAME" \
-ldap_host "$TPS_LDAP_HOST" \
-ldap_port "$TPS_LDAP_PORT" \
-base_dn "$TPS_LDAP_BASE_DN" \
-db_name "$TPS_LDAP_DATABASE" \
-bind_dn "$TPS_LDAP_BIND_DN" \
-bind_password "$TPS_LDAP_PASSWORD" \
-key_type rsa \
-key_size 2048 \
-tps_server_cert_subject_name "$TPS_SERVER_CERT_SUBJECT_NAME" \
-tps_subsystem_cert_subject_name "$TPS_SUBSYSTEM_CERT_SUBJECT_NAME" \
-tps_audit_signing_cert_subject_name "$TPS_AUDIT_SIGNING_CERT_SUBJECT_NAME" \
-ca_hostname "$HOSTNAME" \
-ca_port 9180 \
-ca_ssl_port 9443 \
-ca_admin_port 9443 \
-drm_hostname "$HOSTNAME" \
-drm_ssl_port 12443 \
-admin_user "$CA_ADMIN_USER" \
-agent_name "$CA_ADMIN_NAME" \
-admin_email "$CA_ADMIN_EMAIL" \
-admin_password "$CA_ADMIN_PASSWORD" \
-agent_key_size 2048 \
-agent_key_type rsa \
-agent_cert_subject "$CA_ADMIN_CERT_SUBJECT"
echo $PASSWORD > "$CERTS/password.txt"
PKCS12Export -d "$CERTS" -o "$CERTS/tps-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
systemctl restart pki-tpsd@$TPS_INSTANCE_NAME.service
|