author | Asha Akkiangady <aakkiang@redhat.com> | 2014-11-21 16:59:09 -0500 |
---|---|---|
committer | Asha Akkiangady <aakkiang@redhat.com> | 2014-11-21 17:04:13 -0500 |
commit | fe192dfdc88df0baecfd020f88b307073464aebd (patch) | |
tree | 67907a7848748c9b799ed7ee89637afc28b3a9ca /tests | |
parent | 46d7be6f5d24e025df30b382065addfb30c8032f (diff) | |
Added check for installation to exit if CA
install fails.
env.sh client_database_dir param included for
every CA install.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh | 42 | ||||
-rwxr-xr-x | tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh | 11 | ||||
-rwxr-xr-x | tests/dogtag/acceptance/quickinstall/rhcs-install.sh | 24 | ||||
-rwxr-xr-x | tests/dogtag/runtest.sh | 4 | ||||
-rw-r--r-- | tests/dogtag/shared/env.sh | 13 |
5 files changed, 62 insertions, 32 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh
index da529653c..72e6b59a9 100644
--- a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh
@@ -69,23 +69,33 @@ SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) eval ${subsystemId}_adminV_user=${subsystemId}_adminV eval ${subsystemId}_adminV_fullName=${subsystemId}_Admin_ValidCert +eval ${subsystemId}_adminV_password=${subsystemId}_adminV_password eval ${subsystemId}_adminR_user=${subsystemId}_adminR eval ${subsystemId}_adminR_fullName=${subsystemId}_Admin_RevokedCert +eval ${subsystemId}_adminR_password=${subsystemId}_adminR_password eval ${subsystemId}_adminE_user=${subsystemId}_adminE eval ${subsystemId}_adminE_fullName=${subsystemId}_admin_ExpiredCert +eval ${subsystemId}_adminE_password=${subsystemId}_adminE_password eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA eval ${subsystemId}_adminUTCA_fullName=${subsystemId}_Admin_CertIssuedByUntrustedCA +eval ${subsystemId}_adminUTCA_password=${subsystemId}_adminUTCA_password eval ${subsystemId}_agentV_user=${subsystemId}_agentV eval ${subsystemId}_agentV_fullName=${subsystemId}_Agent_ValidCert +eval ${subsystemId}_agentV_password=${subsystemId}_agentV_password eval ${subsystemId}_agentR_user=${subsystemId}_agentR eval ${subsystemId}_agentR_fullName=${subsystemId}_Agent_RevokedCert +eval ${subsystemId}_agentR_password=${subsystemId}_agentR_password eval ${subsystemId}_agentE_user=${subsystemId}_agentE eval ${subsystemId}_agentE_fullName=${subsystemId}_agent_ExpiredCert +eval ${subsystemId}_agentE_password=${subsystemId}_agentE_password eval ${subsystemId}_agentUTCA_user=${subsystemId}_agentUTCA eval ${subsystemId}_agentUTCA_fullName=${subsystemId}_Agent_CertIssuedByUntrustedCA +eval ${subsystemId}_agentUTCA_password=${subsystemId}_agentUTCA_password eval ${subsystemId}_auditV_user=${subsystemId}_auditV eval ${subsystemId}_auditV_fullName=${subsystemId}_Audit_ValidCert +eval ${subsystemId}_auditV_password=${subsystemId}_auditV_password eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +eval ${subsystemId}_operatorV_password=${subsystemId}_operatorV_password eval 
${subsystemId}_operatorV_fullName=${subsystemId}_Operator_ValidCert export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_adminE_user ${subsystemId}_adminUTCA_user ${subsystemId}_agentV_user ${subsystemId}_agentR_user ${subsystemId}_agentE_user ${subsystemId}_agentUT${subsystemId}_user ${subsystemId}_auditV_user ${subsystemId}_operatorV_user @@ -98,8 +108,8 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi rlRun "pushd $TmpDir" rlRun "mkdir -p $CERTDB_DIR" - rlLog "importP12File $ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert_nickname" - rlRun "importP12File $ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert_nickname" 0 "Import Admin certificate to $CERTDB_DIR" + rlLog "importP12FileNew $ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert_nickname" + rlRun "importP12FileNew $ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert_nickname" 0 "Import Admin certificate to $CERTDB_DIR" rlRun "install_and_trust_CA_cert $ROOTCA_SERVER_ROOT $CERTDB_DIR" rlLog "Cert Database for untrusted cert's : $UNTRUSTED_CERT_DB_LOCATION" 
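Review bot: Each added `eval ${subsystemId}_<role>_password=${subsystemId}_<role>_password` line (hunk @@ -69,23) sets the password to the variable's own name, so every role account gets a credential that can be derived from its user ID. If that is intended for throwaway test instances, say so above the block, e.g. `# test-only: passwords are derived from the user ID on purpose`. The assignments also pass an unquoted `${subsystemId}` through `eval`; since the script already uses bash arrays, `printf -v "${subsystemId}_adminV_password" '%s' "${subsystemId}_adminV_password"` performs the same assignment without re-parsing the value. The `export` line shown as context lists only the `_user` variables, so from what is visible the new `_password` variables are not exported.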
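Review bot: The new `rlLog "importP12FileNew $ADMIN_CERT_LOCATION $CLIENT_PKCS12_PASSWORD $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert_nickname"` line (hunk @@ -98,8) writes the PKCS#12 password and the certificate-database password into the test journal. Logging the call with the secrets masked keeps the trace useful without storing them: `rlLog "importP12FileNew $ADMIN_CERT_LOCATION ***** $CERTDB_DIR ***** $admin_cert_nickname"`. The definition of `importP12FileNew` is not part of this diff, so its argument order is assumed to match the old helper.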
@@ -109,12 +119,12 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi rlPhaseEnd rlPhaseStartSetup "Creating user and add user to the group" - user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_auditV_user) $(eval echo \$${subsystemId}_auditV_fullName) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName)) + user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval 
echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_auditV_user) $(eval echo \$${subsystemId}_auditV_fullName) $(eval echo \$${subsystemId}_auditV_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password)) i=0 while [ $i -lt ${#user[@]} ] ; do userid=${user[$i]} userfullName=${user[$i+1]} - + userpasswd=${user[$i+2]} #Create $userid user rlLog "Executing: pki -d $CERTDB_DIR \ -n \"$admin_cert_nickname\" \ @@ -122,14 +132,14 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - user-add --fullName=\"$userfullName\" $userid" + user-add --fullName=\"$userfullName\" $userid" --password $userpasswd rlRun "pki -d $CERTDB_DIR \ -n \"$admin_cert_nickname\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - user-add --fullName=\"$userfullName\" $userid" \ + user-add --fullName=\"$userfullName\" $userid" --password $userpasswd \ 0 \ "Add user $userid to CA" #=====Adding user to respective group. Administrator, Certificate Manager Agent, Auditor=====# @@ -140,7 +150,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - group-member-add Administrators $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ + group-member-add Administrators $userid --password $userpasswd > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ 0 \ "Add user $userid to Administrators group" rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" 
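Review bot: The `user=( ... )` array in hunk @@ -109,12 is now read in strides of three, but every `$(eval echo ...)` element is unquoted, so an empty or whitespace-containing value shifts all later offsets and `userpasswd=${user[$i+2]}` would pick up another user's ID or full name. Quoting each element, for example `"$(eval echo \$${subsystemId}_adminV_password)"`, keeps an empty value in its slot. The stride also depends on `let i=$i+3` in hunk @@ -444,7, which has to stay in step with the number of fields per user; a one-line comment above the array such as `# fields per user: id, fullName, password` would document that coupling.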
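Review bot: In hunk @@ -122,14 the added `--password $userpasswd` comes after the closing double quote of the command string in both the `rlLog` and the `rlRun` call, so it is handed to the beakerlib function as extra arguments and never reaches `pki user-add`. As I read the `rlRun` signature, `--password` then occupies the position of the expected exit status, and the user is created without the password the rest of the loop relies on. Moving the option inside the string fixes both calls: `user-add --fullName=\"$userfullName\" $userid --password $userpasswd" \`. The loop body starts and ends outside this hunk.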
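Review bot: `--password $userpasswd` is appended to `group-member-add` in hunk @@ -140,7 and to further `group-member-add` and `user-cert-add` calls in hunks @@ -164, -177, -190, -290, -372, -399, -407 and -418, which places the account password in the `pki` argument list and, through the `rlRun` strings and the `rlLog` line in @@ -399, in the test journal. Nothing visible in this diff shows that these two subcommands take a `--password` option, so that is worth confirming; if they do not use it, drop it from these calls and keep it on `user-add` only. Where it has to stay, a comment such as `# test credential, not secret: visible in argv and in the journal` would make the exposure a recorded decision.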
@@ -164,7 +174,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - group-member-add \"$agent_group_name\" $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ + group-member-add \"$agent_group_name\" $userid --password $userpasswd > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ 0 \ "Add user $userid to $agent_group_name" rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" @@ -177,7 +187,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - group-member-add Auditors $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ + group-member-add Auditors $userid --password $userpasswd > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ 0 \ "Add user $userid to Auditors group" rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" @@ -190,7 +200,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - group-member-add \"Trusted Managers\" $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ + group-member-add \"Trusted Managers\" $userid --password $userpasswd > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ 0 \ "Add user $userid to Trusted Managers group" rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" 
@@ -290,7 +300,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - user-cert-add $userid --input $CERTDB_DIR/validcert_001$i.pem > $CERTDB_DIR/useraddcert_001$i.out" \ + user-cert-add $userid --input $CERTDB_DIR/validcert_001$i.pem --password $userpasswd > $CERTDB_DIR/useraddcert_001$i.out" \ 0 \ "Cert is added to the user $userid" @@ -372,7 +382,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - user-cert-add $userid --input $CERTDB_DIR/validcert_001$i.pem > $CERTDB_DIR/useraddcert__001$i.out" \ + user-cert-add $userid --input $CERTDB_DIR/validcert_001$i.pem --password $userpasswd > $CERTDB_DIR/useraddcert__001$i.out" \ 0 \ "Cert is added to the user $userid" rlLog "Modifying profile back to the defaults" @@ -399,7 +409,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t ca \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - user-cert-add $userid --input /opt/rhqa_pki/dummycert1.pem" + user-cert-add $userid --input /opt/rhqa_pki/dummycert1.pem --password $userpasswd" rlRun "pki -d $CERTDB_DIR/ \ -n \"$admin_cert_nickname\" \ @@ -407,7 +417,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - user-cert-add $userid --input /opt/rhqa_pki/dummycert1.pem > $CERTDB_DIR/useraddcert__001$i.out" \ + user-cert-add $userid --input /opt/rhqa_pki/dummycert1.pem --password $userpasswd > $CERTDB_DIR/useraddcert__001$i.out" \ 0 \ "Cert is added to the user $userid" elif [ $userid == $(eval echo \$${subsystemId}_agentUTCA_user) ]; then 
@@ -418,7 +428,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi -h $SUBSYSTEM_HOST \ -t $SUBSYSTEM_TYPE \ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ - user-cert-add $userid --input /opt/rhqa_pki/dummycert1.pem > $CERTDB_DIR/useraddcert__001$i.out" \ + user-cert-add $userid --input /opt/rhqa_pki/dummycert1.pem --password $userpasswd > $CERTDB_DIR/useraddcert__001$i.out" \ 0 \ "Cert is added to the user $userid" #Revoke certificate of user ${subsystemId}_adminR and ${subsystemId}_agentR @@ -444,7 +454,7 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/revokecert__001$i.out" rlAssertGrep "Status: REVOKED" "$CERTDB_DIR/revokecert__001$i.out" fi - let i=$i+2 + let i=$i+3 done rlPhaseEnd } diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh index 84e8b10a3..69b3f5097 100755 --- a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh +++ b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh @@ -589,7 +589,8 @@ rhcs_install_prep_disableFirewall() rhcs_install_cloneCA() { - rlPhaseStartTest "rhcs_install_clone_ca - Install RHCS CLONE CA Server" + rlPhaseStartTest "rhcs_install_clone_ca - Install RHCS CLONE CA Server BZ1165864" + rlLog "Failing due to: https://bugzilla.redhat.com/show_bug.cgi?id=1165864" local INSTANCECFG="/tmp/cloneca_instance.inf" local INSTANCE_CREATE_OUT="/tmp/cloneca_instance_create.out" rlLog "$FUNCNAME" @@ -631,7 +632,6 @@ rhcs_install_cloneCA() echo "pki_clone_replication_security=$REPLICATION_SEC" >> $INSTANCECFG echo "pki_clone_uri=https://$master_hostname:$(eval echo \$${CA}_SECURE_PORT)" >> $INSTANCECFG echo "pki_client_dir=$CLIENT_DIR" >> $INSTANCECFG - echo "[CA]" >> $INSTANCECFG echo "pki_admin_name=$(eval echo \$CLONE_CA${number}_ADMIN_USER)" >> $INSTANCECFG 
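Review bot: The added `rlLog "Failing due to: https://bugzilla.redhat.com/show_bug.cgi?id=1165864"` in rhcs_install_cloneCA (hunk @@ -589,7) runs unconditionally at the start of the phase, so the journal names a failure cause even on runs where the clone install succeeds or fails for a different reason. Wording it as a known issue keeps the journal accurate: `rlLog "Known issue, may fail: https://bugzilla.redhat.com/show_bug.cgi?id=1165864"`. The same line is added to rhcs_install_cloneKRA (@@ -836) and rhcs_install_cloneTKS (@@ -1044); all three function bodies continue outside their hunks.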
@@ -836,7 +836,8 @@ rhcs_install_SubCA(){ rhcs_install_cloneKRA(){ - rlPhaseStartTest "rhcs_install_clonekra_only - Install RHCS CLONE KRA Server" + rlPhaseStartTest "rhcs_install_clonekra_only - Install RHCS CLONE KRA Server BZ1165864" + rlLog "Failing due to: https://bugzilla.redhat.com/show_bug.cgi?id=1165864" local INSTANCECFG="/tmp/clonekra_instance.inf" local INSTANCE_CREATE_OUT="/tmp/clonekra_instance_create.out" rlLog "$FUNCNAME" @@ -1044,7 +1045,8 @@ rhcs_install_cloneOCSP(){ rhcs_install_cloneTKS(){ - rlPhaseStartTest "rhcs_install_clonetks_only - Install RHCS CLONE TKS Server" + rlPhaseStartTest "rhcs_install_clonetks_only - Install RHCS CLONE TKS Server BZ1165864" + rlLog "Failing due to: https://bugzilla.redhat.com/show_bug.cgi?id=1165864" local INSTANCECFG="/tmp/clonetks_instance.inf" local INSTANCE_CREATE_OUT="/tmp/clonetks_instance_create.out" rlLog "$FUNCNAME" @@ -1140,3 +1142,4 @@ rhcs_install_cloneTKS(){ rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" rlPhaseEnd } + diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh index 39bcc0c10..aeefdd1a1 100755 --- a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh +++ b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh @@ -44,6 +44,11 @@ # Include tests . ./acceptance/quickinstall/rhds-install.sh . ./acceptance/quickinstall/rhcs-install-lib.sh +##global variables## +ROOTCA_INSTALLED=TRUE +SUBCA1_INSTALLED=TRUE +SUBCA2_INSTALLED=TRUE +#################### run_rhcs_install_packages() { rlPhaseStartSetup "rhcs_install_packages: Default install" @@ -129,15 +134,14 @@ run_install_subsystem_RootCA() else rlLog "ERROR: $item package is NOT installed" rc=1 + ROOTCA_INSTALLED=FALSE break fi done if [ $rc -eq 0 ] ; then rhcs_install_RootCA - if [ $? -eq 0 ]; then - CA_INSTALLED=TRUE - else - CA_INSTALLED=FALSE + if [ $? -ne 0 ]; then + ROOTCA_INSTALLED=FALSE fi fi rlPhaseEnd 
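Review bot: `ROOTCA_INSTALLED`, `SUBCA1_INSTALLED` and `SUBCA2_INSTALLED` (hunk @@ -44,6 of rhcs-install.sh) start as `TRUE` and are only set to `FALSE` when a failure is observed, so a CA whose install function never ran on this host still passes the KRA/OCSP/TKS gates added later in the commit. Starting at `FALSE` and setting `TRUE` after a successful install would make the gate fail closed. If the `TRUE` default is deliberate because the CA may live on another host in the topology, a comment such as `# default TRUE: the CA may be installed on a different host` would record that.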
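Review bot: The new `if [ $? -ne 0 ]` after `rhcs_install_RootCA` (hunk @@ -129,15) tests the status of whatever command ran last inside that function. The install functions visible elsewhere in this diff end with `rlPhaseEnd`, so unless `rhcs_install_RootCA` returns its own status explicitly, `ROOTCA_INSTALLED` may stay `TRUE` after a failed install. Having the function `return` the install result and writing `rhcs_install_RootCA || ROOTCA_INSTALLED=FALSE` would tie the flag to that result; the same check is added after `rhcs_install_SubCA` in hunk @@ -281,11. The commit message says the run should exit on CA failure, but the visible code only sets the flag.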
@@ -159,7 +163,7 @@ run_install_subsystem_kra() { rc=1 fi - if [ $rc -eq 0 ] ; then + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then rhcs_install_kra $number $master_hostname $CA fi rlPhaseEnd @@ -181,7 +185,7 @@ run_install_subsystem_ocsp() { rc=1 fi - if [ $rc -eq 0 ] ; then + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then rhcs_install_ocsp $number $master_hostname $CA fi rlPhaseEnd @@ -227,7 +231,7 @@ run_install_subsystem_tks() { rc=1 fi - if [ $rc -eq 0 ] && [ "$CA_INSTALLED" = "TRUE" ]; then + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then rlLog "Installing TKS" rhcs_install_tks $number $master_hostname $CA fi @@ -281,11 +285,16 @@ run_install_subsystem_subca(){ else rlLog "ERROR: $item package is NOT installed" rc=1 + eval SUBCA${number}_INSTALLED=FALSE + break fi done if [ $rc -eq 0 ] ; then rlLog "Installing Sub CA" rhcs_install_SubCA $number $master_hostname $CA + if [ $? -ne 0 ]; then + eval SUBCA${number}_INSTALLED=FALSE + fi fi rlPhaseEnd } @@ -393,3 +402,4 @@ run_install_subsystem_cloneTKS(){ fi rlPhaseEnd } + diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index 9f699c4b5..ab6f2e2c1 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh @@ -200,6 +200,7 @@ rlJournalStart TOPO6_UPPERCASE=$(echo $TOPO6 | tr [a-z] [A-Z]) TOPO7_UPPERCASE=$(echo $TOPO7 | tr [a-z] [A-Z]) TOPO8_UPPERCASE=$(echo $TOPO8 | tr [a-z] [A-Z]) + TOPO9_UPPERCASE=$(echo $TOPO9 | tr [a-z] [A-Z]) get_topo_stack $MYROLE /tmp/topo_file CA_INST=$(cat /tmp/topo_file | grep MY_CA | cut -d= -f2) @@ -249,6 +250,9 @@ rlJournalStart elif [ "$TOPO8_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_8 + elif [ "$TOPO9_UPPERCASE" = "TRUE" ] ; then + run_rhcs_install_set_vars + run_rhcs_install_topo_9 fi ######## PKI USER CA TESTS ############ diff --git a/tests/dogtag/shared/env.sh b/tests/dogtag/shared/env.sh index c8a16eb0b..3973d21bf 100644 --- a/tests/dogtag/shared/env.sh 
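Review bot: The new gate `[ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]` in run_install_subsystem_kra (hunk @@ -159,7) leaves the substitution unquoted, so when `$CA` names anything other than ROOTCA, SUBCA1 or SUBCA2 (the only flags this commit defines) the test becomes `[ = "TRUE" ]` and prints a `[` error instead of cleanly evaluating false. Bash indirect expansion removes both the `eval` and the empty-operand case: `flag="${CA}_INSTALLED"` followed by `if [ $rc -eq 0 ] && [ "${!flag}" = "TRUE" ]; then`. The same condition is added in the ocsp (@@ -181,7) and tks (@@ -227,7) hunks.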
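Review bot: The added `TOPO9_UPPERCASE=$(echo $TOPO9 | tr [a-z] [A-Z])` in runtest.sh (hunk @@ -200,6) copies the unquoted bracket ranges from the TOPO6–TOPO8 context lines; the shell glob-expands them if a single-character file name matching the range exists in the working directory, which changes what `tr` receives. `TOPO9_UPPERCASE=$(printf '%s' "$TOPO9" | tr '[:lower:]' '[:upper:]')` is not affected by directory contents. The resulting value selects the install topology in hunk @@ -249,6, so a wrong conversion silently skips the install.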
+++ b/tests/dogtag/shared/env.sh @@ -5,14 +5,14 @@ ROOTCA_OCSP_SIGNING_KEY_ALGORITHM=SHA512withRSA ROOTCA_OCSP_SIGNING_SIGNING_ALGORITHM=SHA512withRSA ROOTCA_OCSP_SIGNING_TOKEN="Internal" ROOTCA_OCSP_SIGNING_NICKNAME="caocspsigningcert" -ROOTCA_OCSP_SIGNING_CERT_SUBJECT_NAME="CN=PKI ROOTCA OCSP Signing Certificate, O=Redhat" +ROOTCA_OCSP_SIGNING_CERT_SUBJECT_NAME="CN=PKI ROOTCA OCSP Signing Certificate,O=Redhat" ROOTCA_AUDIT_SIGNING_KEY_TYPE=rsa ROOTCA_AUDIT_SIGNING_KEY_SIZE=2048 ROOTCA_AUDIT_SIGNING_KEY_ALGORITHM=SHA512withRSA ROOTCA_AUDIT_SIGNING_SIGNING_ALGORITHM=SHA512withRSA ROOTCA_AUDIT_SIGNING_TOKEN=Internal ROOTCA_AUDIT_SIGNING_NICKNAME="caauditsigningcert" -ROOTCA_AUDIT_SIGNING_CERT_SUBJECT_NAME="CN=PKI ROOTCA AUDIT Signing Certificate, O=Redhat" +ROOTCA_AUDIT_SIGNING_CERT_SUBJECT_NAME="CN=PKI ROOTCA AUDIT Signing Certificate,O=Redhat" ROOTCA_SUBSYSTEM_KEY_TYPE=rsa ROOTCA_SUBYSTEM_KEY_SIZE=2048 ROOTCA_SUBSYSTEM_KEY_ALGORITHM=SHA512withRSA @@ -27,7 +27,7 @@ ROOTCA_SSL_SERVER_KEY_ALGORITHM=SHA512withRSA ROOTCA_SSL_SERVER_SIGNING_ALGORITHM=SHA512withRSA ROOTCA_SSL_SERVER_TOKEN=Internal ROOTCA_SSL_SERVER_NICKNAME="Server-Cert cert-pki-RootCA" -ROOTCA_SSL_SERVER_CERT_SUBJECT_NAME="cn=`hostname`, O=Redhat" +ROOTCA_SSL_SERVER_CERT_SUBJECT_NAME="CN=`hostname`,O=Redhat" ROOTCA_TOMCAT_INSTANCE_NAME="pki-master" ROOTCA_SECURE_PORT=30042 ROOTCA_UNSECURE_PORT=30044 @@ -50,7 +50,7 @@ ROOTCA_ADMIN_EMAIL=example@redhat.com ROOTCA_ADMIN_DUAL_KEY=True ROOTCA_ADMIN_KEY_SIZE=2048 ROOTCA_ADMIN_KEY_TYPE="rsa" -ROOTCA_ADMIN_CERT_SUBJECT_NAME="cn=PKI ROOTCA ADMIN CERT,O=redhat" +ROOTCA_ADMIN_CERT_SUBJECT_NAME="CN=PKI ROOTCA ADMIN CERT,O=redhat" ROOTCA_ADMIN_CERT_NICKNAME="caadmincert" ROOTCA_ADMIN_IMPORT_CERT=False ROOTCA_BACKUP=True 
@@ -59,7 +59,7 @@ ROOTCA_SECURITY_DOMAIN_PASSWORD="Secret123" ROOTCA_LDAP_PORT=389 ROOTCA_DB_SUFFIX="dc=pki-ca" ROOTCA_LDAP_INSTANCE_NAME=pki-ca-ldap -ROOTCA_CERTDB_DIR="/opt/rhqa_pki/certs_db" +ROOTCA_CERTDB_DIR="/opt/rhqa_pki/rootca/certs_db" ROOTCA_CERTDB_DIR_PASSWORD="Secret123" ########End CA params######## @@ -649,6 +649,7 @@ REPLICATION_SEC=None CLONE1_LDAP_ROOTDNPWD=Secret123 CLONE1_LDAP_ROOTDN="cn=Database Manager" CLONE_ADMIN_IMPORT_CERT=True +CLONE1_CERTDB_DIR_PASSWORD=Secret123 CLIENT_PKCS12_DIR=/tmp/pkcs ##### CLONE_CA1 params ############ @@ -781,6 +782,7 @@ CLONE2_LDAP_ROOTDN="cn=Database Manager" CLONE2_LDAP_ROOTDNPWD=Secret123 CLONE2_CA2_SECURE_CONN=False CLONE2_CA2_REMOVE_DATA=True +CLONE2_CERTDB_DIR_PASSWORD=Secret123 ##### CLONE_CA2 params ##### CLONE_CA2_LDAP_INSTANCE_NAME=pki-cloneca2 
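Review bot: `CLONE1_CERTDB_DIR_PASSWORD=Secret123` (hunk @@ -649,6) adds another copy of the shared literal password to a committed file, and hunk @@ -781,6 does the same for `CLONE2_CERTDB_DIR_PASSWORD`. That is workable only while these certificate databases hold nothing but throwaway test keys; allowing an override leaves that decision to whoever runs the suite: `CLONE1_CERTDB_DIR_PASSWORD=${CLONE1_CERTDB_DIR_PASSWORD:-Secret123}`. The `export` lists shown as context in the last hunk do not include the two new names, so confirm they are exported if child processes need them.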
@@ -884,3 +886,4 @@ export CLONE_KRA1_TOMCAT_INSTANCE_NAME CLONE_KRA1_SECURE_PORT CLONE_KRA1_UNSECU export ROOTCA_SSL_SERVER_KEY_TYPE ROOTCA_SSL_SERVER_KEY_SIZE ROOTCA_SSL_SERVER_KEY_ALGORITHM ROOTCA_SSL_SERVER_SIGNING_ALGORITHM ROOTCA_SSL_SERVER_TOKEN ROOTCA_SSL_SERVER_NICKNAME ROOTCA_SSL_SERVER_CERT_SUBJECT_NAME SUBCA2_SSL_SERVER_KEY_TYPE SUBCA2_SSL_SERVER_KEY_SIZE SUBCA2_SSL_SERVER_KEY_ALGORITHM SUBCA2_SSL_SERVER_SIGNING_ALGORITHM SUBCA2_SSL_SERVER_TOKEN SUBCA2_SSL_SERVER_NICKNAME SUBCA2_SSL_SERVER_CERT_SUBJECT_NAME SUBCA1_SSL_SERVER_KEY_TYPE SUBCA1_SSL_SERVER_KEY_SIZE SUBCA1_SSL_SERVER_KEY_ALGORITHM SUBCA1_SSL_SERVER_SIGNING_ALGORITHM SUBCA1_SSL_SERVER_TOKEN SUBCA1_SSL_SERVER_NICKNAME SUBCA1_SSL_SERVER_CERT_SUBJECT_NAME export KRA1_SSL_SERVER_KEY_TYPE CLIENT_DIR KRA1_SSL_SERVER_KEY_SIZE KRA1_SSL_SERVER_KEY_ALGORITHM KRA1_SSL_SERVER_SIGNING_ALGORITHM KRA1_SSL_SERVER_TOKEN KRA1_SSL_SERVER_NICKNAME KRA1_SSL_SERVER_CERT_SUBJECT_NAME KRA2_SSL_SERVER_KEY_TYPE KRA2_SSL_SERVER_KEY_SIZE KRA2_SSL_SERVER_KEY_ALGORITHM KRA2_SSL_SERVER_SIGNING_ALGORITHM KRA2_SSL_SERVER_TOKEN KRA2_SSL_SERVER_NICKNAME KRA2_SSL_SERVER_CERT_SUBJECT_NAME KRA3_SSL_SERVER_KEY_TYPE KRA3_SSL_SERVER_KEY_SIZE KRA3_SSL_SERVER_KEY_ALGORITHM KRA3_SSL_SERVER_SIGNING_ALGORITHM KRA3_SSL_SERVER_TOKEN KRA3_SSL_SERVER_NICKNAME KRA3_SSL_SERVER_CERT_SUBJECT_NAME OCSP1_SSL_SERVER_KEY_TYPE OCSP1_SSL_SERVER_KEY_SIZE OCSP1_SSL_SERVER_KEY_ALGORITHM OCSP1_SSL_SERVER_SIGNING_ALGORITHM OCSP1_SSL_SERVER_TOKEN OCSP1_SSL_SERVER_NICKNAME OCSP1_SSL_SERVER_CERT_SUBJECT_NAME OCSP2_SSL_SERVER_KEY_TYPE OCSP2_SSL_SERVER_KEY_SIZE OCSP2_SSL_SERVER_KEY_ALGORITHM OCSP2_SSL_SERVER_SIGNING_ALGORITHM OCSP2_SSL_SERVER_TOKEN OCSP2_SSL_SERVER_NICKNAME OCSP2_SSL_SERVER_CERT_SUBJECT_NAME OCSP3_SSL_SERVER_KEY_TYPE OCSP3_SSL_SERVER_KEY_SIZE OCSP3_SSL_SERVER_KEY_ALGORITHM OCSP3_SSL_SERVER_SIGNING_ALGORITHM OCSP3_SSL_SERVER_TOKEN OCSP3_SSL_SERVER_NICKNAME OCSP3_SSL_SERVER_CERT_SUBJECT_NAME TKS1_SSL_SERVER_KEY_TYPE TKS1_SSL_SERVER_KEY_SIZE 
TKS1_SSL_SERVER_KEY_ALGORITHM TKS1_SSL_SERVER_SIGNING_ALGORITHM TKS1_SSL_SERVER_TOKEN TKS1_SSL_SERVER_NICKNAME TKS1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_CA1_SSL_SERVER_KEY_TYPE CLONE_CA1_SSL_SERVER_KEY_SIZE CLONE_CA1_SSL_SERVER_KEY_ALGORITHM CLONE_CA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_CA1_SSL_SERVER_TOKEN CLONE_CA1_SSL_SERVER_NICKNAME CLONE_CA1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_KRA1_SSL_SERVER_KEY_TYPE CLONE_KRA1_SSL_SERVER_KEY_SIZE CLONE_KRA1_SSL_SERVER_KEY_ALGORITHM CLONE_KRA1_SSL_SERVER_SIGNING_ALGORITHM CLONE_KRA1_SSL_SERVER_TOKEN CLONE_KRA1_SSL_SERVER_NICKNAME CLONE_KRA1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_OCSP1_SSL_SERVER_KEY_TYPE CLONE_OCSP1_SSL_SERVER_KEY_SIZE CLONE_OCSP1_SSL_SERVER_KEY_ALGORITHM CLONE_OCSP1_SSL_SERVER_SIGNING_ALGORITHM CLONE_OCSP1_SSL_SERVER_TOKEN CLONE_OCSP1_SSL_SERVER_NICKNAME CLONE_OCSP1_SSL_SERVER_CERT_SUBJECT_NAME CLONE_TKS1_SSL_SERVER_KEY_TYPE CLONE_TKS1_SSL_SERVER_KEY_SIZE CLONE_TKS1_SSL_SERVER_KEY_ALGORITHM CLONE_TKS1_SSL_SERVER_SIGNING_ALGORITHM CLONE_TKS1_SSL_SERVER_TOKEN CLONE_TKS1_SSL_SERVER_NICKNAME CLONE_TKS1_SSL_SERVER_CERT_SUBJECT_NAME + |