diff options
Diffstat (limited to 'plans/aaf/certservice')
-rw-r--r-- | plans/aaf/certservice/cmpServers.json | 18 | ||||
-rw-r--r-- | plans/aaf/certservice/docker-compose.yml | 2 | ||||
-rwxr-xr-x | plans/aaf/certservice/scripts/ejbca-configuration.sh | 4 | ||||
-rw-r--r-- | plans/aaf/certservice/setup.sh | 2 |
4 files changed, 14 insertions, 12 deletions
diff --git a/plans/aaf/certservice/cmpServers.json b/plans/aaf/certservice/cmpServers.json index f461edc7..d6557c52 100644 --- a/plans/aaf/certservice/cmpServers.json +++ b/plans/aaf/certservice/cmpServers.json @@ -1,23 +1,23 @@ { "cmpv2Servers": [ { - "caName": "TEST", - "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmp", + "caName": "Client", + "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp", "issuerDN": "CN=ManagementCA", "caMode": "CLIENT", "authentication": { - "iak": "xxx", - "rv": "yyy" + "iak": "mypassword", + "rv": "mypassword" } }, { - "caName": "TEST2", - "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA", - "issuerDN": "CN=ManagementCA2", + "caName": "RA", + "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", + "issuerDN": "CN=ManagementCA", "caMode": "RA", "authentication": { - "iak": "xxx", - "rv": "yyy" + "iak": "mypassword", + "rv": "mypassword" } } ] diff --git a/plans/aaf/certservice/docker-compose.yml b/plans/aaf/certservice/docker-compose.yml index 83aff56b..384158ab 100644 --- a/plans/aaf/certservice/docker-compose.yml +++ b/plans/aaf/certservice/docker-compose.yml @@ -2,7 +2,7 @@ version: "2.1" services: ejbca: - image: primekey/ejbca-ce + image: primekey/ejbca-ce:6.15.2.5 hostname: cahostname container_name: aafcert-ejbca ports: diff --git a/plans/aaf/certservice/scripts/ejbca-configuration.sh b/plans/aaf/certservice/scripts/ejbca-configuration.sh index cdff77de..7ec1fa3a 100755 --- a/plans/aaf/certservice/scripts/ejbca-configuration.sh +++ b/plans/aaf/certservice/scripts/ejbca-configuration.sh @@ -8,9 +8,11 @@ configureEjbca() { ejbca.sh config cmp addalias --alias cmpRA ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword + ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe ejbca.sh config cmp dumpalias --alias cmpRA ejbca.sh config cmp addalias --alias cmp ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true + ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password mypassword --type 1 --token USERGENERATED ejbca.sh ra setclearpwd --username Node123 --password mypassword ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN @@ -18,5 +20,5 @@ configureEjbca() { ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem } -waitForEjbcaStartUp 30 +waitForEjbcaStartUp 45 configureEjbca diff --git a/plans/aaf/certservice/setup.sh b/plans/aaf/certservice/setup.sh index 17a278d8..dde516ae 100644 --- a/plans/aaf/certservice/setup.sh +++ b/plans/aaf/certservice/setup.sh @@ -57,5 +57,5 @@ AAFCERT_IP=`get-instance-ip.sh aafcert` export AAFCERT_IP=${AAFCERT_IP} # Wait container ready -sleep 10 +sleep 15 |