authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-06-25 16:01:52 +0200
committerPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-06-30 08:40:50 +0200
commit38908796c4a35777c5b2f5d01780553608d94205 (patch)
tree7d4851d3a0d17f58dc8fffd311ad4de589ccef6f
parent1630a480ab3ac2aeb833855380be3dd89fdca248 (diff)
[OOM-CERT-SERVICE] Add Certificate Update Admin role
Add Certificate Update Admin role in order to allow performing KUR/CR in EJBCA. Issue-ID: OOM-2753 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Ib07a694c6a88d5ad58059cd331d2eddbcaf8a97b
-rwxr-xr-xcompose-resources/ejbca-configuration.sh7
1 files changed, 7 insertions, 0 deletions
diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh
index 8e6bd038..d309ec77 100755
--- a/compose-resources/ejbca-configuration.sh
+++ b/compose-resources/ejbca-configuration.sh
@@ -23,6 +23,13 @@ configureEjbca() {
ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
ejbca.sh config cmp dumpalias --alias cmp
ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+ #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation)
+ ejbca.sh roles addrole "Certificate Update Admin"
+ ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT
+ ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "Linux-Foundation"
}
configureEjbca
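Review bot: The `addrolemember` line matches on organization alone, so every certificate issued by ManagementCA with O=Linux-Foundation gains this role, including the right to create certificates under /ca/ManagementCA/ and to edit end entities in Custom_EndEntity. Because the role can issue from the same CA and organization that define its membership, holders may be able to extend that membership themselves, depending on what the Custom_EndEntity profile permits; the profile is not visible here. If this script is meant only for the compose test setup, I would say so next to the role, e.g. `# Test-only: any ManagementCA cert with O=Linux-Foundation becomes a Certificate Update Admin; narrow the match before reusing this outside compose`. The ACCEPT on /endentityprofilesrules/Custom_EndEntity/ also looks broader than KUR/CR needs if it covers the sub-rules beneath it, so it is worth confirming whether a narrower set suffices. configureEjbca starts above the hunk, so I cannot tell whether a failed `ejbca.sh roles` call stops the script.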