authorJoanna Jeremicz <joanna.jeremicz@nokia.com>2021-06-30 15:30:57 +0200
committerJoanna Jeremicz <joanna.jeremicz@nokia.com>2021-06-30 17:37:16 +0200
commitaa6ac8c5b2cd25ca988bdcc7e0ee8716ff75d8cf (patch)
tree83486be682f5759e0597f5b3b5338f3bc696a70c
parent27611bc9a6f855d439dbf68a2955e4651e83dd14 (diff)
[OOM-CERT-SERVICE] Modify EJBCA configuration
- Do not create default ManagementCA with generated UID - Create ManagementCA with hardcoded UID to allow performing KUR Issue-ID: OOM-2753 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ief51c27200300118ffa0206ba2657504ce4bc69c
-rw-r--r--compose-resources/cmpServers.json4
-rwxr-xr-xcompose-resources/ejbca-configuration.sh10
-rw-r--r--docker-compose.yml1
3 files changed, 13 insertions, 2 deletions
diff --git a/compose-resources/cmpServers.json b/compose-resources/cmpServers.json
index 72564949..8972fd4d 100644
--- a/compose-resources/cmpServers.json
+++ b/compose-resources/cmpServers.json
@@ -3,7 +3,7 @@
{
"caName": "Client",
"url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "CLIENT",
"authentication": {
"iak": "mypassword",
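Review bot: The new `issuerDN` literal in the `Client` entry duplicates the DN passed to `ejbca.sh ca init --dn` in ejbca-configuration.sh, and the `RA` entry in the next hunk repeats it, with nothing tying the three copies together. The value presumably has to equal the issuer DN EJBCA puts in issued certificates, so an edit to only one copy would surface only as failed CMP requests. JSON cannot carry a comment, so I would record the dependency in the script instead, with `# DN must match issuerDN in cmpServers.json (Client and RA entries)` above the `--dn` line. The fixed `UID=12345` and the `mypassword` IAK visible in context make the CA identity and enrolment secret predictable, which is acceptable only for this compose test setup.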
@@ -13,7 +13,7 @@
{
"caName": "RA",
"url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "RA",
"authentication": {
"iak": "mypassword",
diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh
index 8e6bd038..42e3f6bd 100755
--- a/compose-resources/ejbca-configuration.sh
+++ b/compose-resources/ejbca-configuration.sh
@@ -1,6 +1,16 @@
#!/bin/bash
configureEjbca() {
+ ejbca.sh ca init \
+ --caname ManagementCA \
+ --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \
+ --tokenType soft \
+ --keyspec 3072 \
+ --keytype RSA \
+ -v 3652 \
+ --policy null \
+ -s SHA256WithRSA \
+ -type "x509"
ejbca.sh config cmp addalias --alias cmpRA
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
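Review bot: The `ejbca.sh ca init` call added at the top of `configureEjbca` has its exit status ignored, so a failed init still lets the `addalias`, `updatealias` and `editca` lines below run against a missing or pre-existing CA. One way that could happen is ManagementCA already existing in a persisted database; whether the script re-runs on restart is not visible here. Ending the command with `-type "x509" || { echo "ManagementCA init failed" >&2; return 1; }` would stop the configuration at the point of failure. `--tokenType soft` keeps the CA private key in a software keystore, which is worth a one-line comment marking this as test-only. The function body continues past the end of the hunk.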
diff --git a/docker-compose.yml b/docker-compose.yml
index 3e55c29b..1b154f4d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,7 @@ services:
- "443:8443"
environment:
- INITIAL_ADMIN=;PublicAccessAuthenticationToken:TRANSPORT_ANY;
+ - NO_CREATE_CA=true
volumes:
- ./compose-resources/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
- ./compose-resources/certprofile_CUSTOM_ENDUSER-1834889499.xml:/opt/primekey/custom_profiles/certprofile_CUSTOM_ENDUSER-1834889499.xml
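Review bot: `NO_CREATE_CA=true` is added without a comment saying that ManagementCA now comes only from the mounted ejbca-configuration.sh, so the container would presumably start with no CA at all if that script fails or the volume is missing. I would add `# ManagementCA is created by ejbca-configuration.sh with a fixed DN (needed for KUR)` above the new line. The context lines still grant admin to `PublicAccessAuthenticationToken:TRANSPORT_ANY` with the port published as `443:8443`. Combined with the now fixed CA DN, that means this service definition should stay on a local test network. The service definition starts and ends outside the hunk.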