author | Joanna Jeremicz <joanna.jeremicz@nokia.com> | 2021-06-30 15:30:57 +0200 |
---|---|---|
committer | Joanna Jeremicz <joanna.jeremicz@nokia.com> | 2021-06-30 17:37:16 +0200 |
commit | aa6ac8c5b2cd25ca988bdcc7e0ee8716ff75d8cf (patch) | |
tree | 83486be682f5759e0597f5b3b5338f3bc696a70c | |
parent | 27611bc9a6f855d439dbf68a2955e4651e83dd14 (diff) |
[OOM-CERT-SERVICE] Modify EJBCA configuration
- Do not create default ManagementCA with generated UID
- Create ManagementCA with hardcoded UID to allow performing KUR
Issue-ID: OOM-2753
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ief51c27200300118ffa0206ba2657504ce4bc69c
-rw-r--r-- | compose-resources/cmpServers.json | 4 | ||||
-rwxr-xr-x | compose-resources/ejbca-configuration.sh | 10 | ||||
-rw-r--r-- | docker-compose.yml | 1 |
3 files changed, 13 insertions, 2 deletions
diff --git a/compose-resources/cmpServers.json b/compose-resources/cmpServers.json
index 72564949..8972fd4d 100644
--- a/compose-resources/cmpServers.json
+++ b/compose-resources/cmpServers.json
@@ -3,7 +3,7 @@
 {
 "caName": "Client",
 "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
 "caMode": "CLIENT",
 "authentication": {
 "iak": "mypassword",
@@ -13,7 +13,7 @@
 {
 "caName": "RA",
 "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
 "caMode": "RA",
 "authentication": {
 "iak": "mypassword",
diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh
index 8e6bd038..42e3f6bd 100755
--- a/compose-resources/ejbca-configuration.sh
+++ b/compose-resources/ejbca-configuration.sh
@@ -1,6 +1,16 @@
 #!/bin/bash
 configureEjbca() {
+ ejbca.sh ca init \
+ --caname ManagementCA \
+ --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \
+ --tokenType soft \
+ --keyspec 3072 \
+ --keytype RSA \
+ -v 3652 \
+ --policy null \
+ -s SHA256WithRSA \
+ -type "x509"
 ejbca.sh config cmp addalias --alias cmpRA
 ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
 ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
diff --git a/docker-compose.yml b/docker-compose.yml
index 3e55c29b..1b154f4d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,7 @@ services:
 - "443:8443"
 environment:
 - INITIAL_ADMIN=;PublicAccessAuthenticationToken:TRANSPORT_ANY;
+ - NO_CREATE_CA=true
 volumes:
 - ./compose-resources/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
 - ./compose-resources/certprofile_CUSTOM_ENDUSER-1834889499.xml:/opt/primekey/custom_profiles/certprofile_CUSTOM_ENDUSER-1834889499.xml |
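Review bot: The issuer DN literal `O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345` is now repeated in both server entries of cmpServers.json (this `Client` hunk and the `RA` hunk below) and a third time as `--dn` in ejbca-configuration.sh, with nothing tying the copies together. If one copy drifts, in value or presumably in RDN order, issuer matching on CMP requests is likely to fail in a way that is hard to trace back to this file. JSON cannot carry a comment, so the coupling is better recorded next to the `ca init` call or in the project documentation, or the script could take the DN from a single shared variable.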
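Review bot: The added `ejbca.sh ca init` call in `configureEjbca()` has no failure handling, while the `cmp` and `editca` commands after it assume ManagementCA exists. Because this commit also sets `NO_CREATE_CA=true`, a failed init (for instance a rerun against a database that already holds the CA, if one is persisted) would leave the instance without the CA the rest of the script configures; ending the call with `-type "x509" || { echo "ManagementCA init failed" >&2; return 1; }` makes that visible. I would also put `# Fixed DN (hardcoded UID) so KUR works; must match issuerDN in cmpServers.json` above the call. The soft token here and the `mypassword` RA secret in the context lines fit a test compose setup only, which is worth stating in the same comment. The function body continues past the end of the hunk.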
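Review bot: `NO_CREATE_CA=true` is added without a comment, and going by the commit message it stops the image from creating its default ManagementCA, so the container now depends on ejbca-configuration.sh to create the CA. I would add `# ManagementCA is created by ejbca-configuration.sh with a fixed DN (needed for KUR)` above the new line, so that the flag is not removed, or the script changed, in isolation. The `environment:` list and the enclosing service definition start and end outside the hunk.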