[CONTRIB] Adjust EJBCA to issue certificates usable by servers.

Add configuration to EJBCA that allows to create keystores with
extendedKeyUsage containing serverAuth.

Issue-ID: AAF-1121
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I6fc1d228acb4edc089be11d66186cfb5006e9ad1

1 files changed, 6 insertions, 0 deletions

diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
index f1bd07e158..ad10240b94 100755
--- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
@@ -12,6 +12,12 @@ configureEjbca() {
     ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
     ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
     ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+    #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
+    ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
+    #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
+    ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
+    #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
+    ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
     ejbca.sh config cmp dumpalias --alias cmpRA
     ejbca.sh config cmp addalias --alias cmp
     ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true