aboutsummaryrefslogtreecommitdiffstats
path: root/plans/aaf/certservice
diff options
context:
space:
mode:
Diffstat (limited to 'plans/aaf/certservice')
-rw-r--r--plans/aaf/certservice/cmpServers.json18
-rw-r--r--plans/aaf/certservice/docker-compose.yml2
-rwxr-xr-xplans/aaf/certservice/scripts/ejbca-configuration.sh4
-rw-r--r--plans/aaf/certservice/setup.sh2
4 files changed, 14 insertions, 12 deletions
diff --git a/plans/aaf/certservice/cmpServers.json b/plans/aaf/certservice/cmpServers.json
index f461edc7..d6557c52 100644
--- a/plans/aaf/certservice/cmpServers.json
+++ b/plans/aaf/certservice/cmpServers.json
@@ -1,23 +1,23 @@
{
"cmpv2Servers": [
{
- "caName": "TEST",
- "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
+ "caName": "Client",
+ "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
"issuerDN": "CN=ManagementCA",
"caMode": "CLIENT",
"authentication": {
- "iak": "xxx",
- "rv": "yyy"
+ "iak": "mypassword",
+ "rv": "mypassword"
}
},
{
- "caName": "TEST2",
- "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA2",
+ "caName": "RA",
+ "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
+ "issuerDN": "CN=ManagementCA",
"caMode": "RA",
"authentication": {
- "iak": "xxx",
- "rv": "yyy"
+ "iak": "mypassword",
+ "rv": "mypassword"
}
}
]
diff --git a/plans/aaf/certservice/docker-compose.yml b/plans/aaf/certservice/docker-compose.yml
index 83aff56b..384158ab 100644
--- a/plans/aaf/certservice/docker-compose.yml
+++ b/plans/aaf/certservice/docker-compose.yml
@@ -2,7 +2,7 @@ version: "2.1"
services:
ejbca:
- image: primekey/ejbca-ce
+ image: primekey/ejbca-ce:6.15.2.5
hostname: cahostname
container_name: aafcert-ejbca
ports:
diff --git a/plans/aaf/certservice/scripts/ejbca-configuration.sh b/plans/aaf/certservice/scripts/ejbca-configuration.sh
index cdff77de..7ec1fa3a 100755
--- a/plans/aaf/certservice/scripts/ejbca-configuration.sh
+++ b/plans/aaf/certservice/scripts/ejbca-configuration.sh
@@ -8,9 +8,11 @@ configureEjbca() {
ejbca.sh config cmp addalias --alias cmpRA
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
ejbca.sh config cmp dumpalias --alias cmpRA
ejbca.sh config cmp addalias --alias cmp
ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED
ejbca.sh ra setclearpwd --username Node123 --password mypassword
ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
@@ -18,5 +20,5 @@ configureEjbca() {
ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
}
-waitForEjbcaStartUp 30
+waitForEjbcaStartUp 45
configureEjbca
diff --git a/plans/aaf/certservice/setup.sh b/plans/aaf/certservice/setup.sh
index 17a278d8..dde516ae 100644
--- a/plans/aaf/certservice/setup.sh
+++ b/plans/aaf/certservice/setup.sh
@@ -57,5 +57,5 @@ AAFCERT_IP=`get-instance-ip.sh aafcert`
export AAFCERT_IP=${AAFCERT_IP}
# Wait container ready
-sleep 10
+sleep 15