Merge "[OOM-CERT-SERVICE] Configure EJBCA to handle Key Update Request"

1 files changed, 5 insertions, 1 deletions

diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh
index 3eb146db..8e6bd038 100755
--- a/compose-resources/ejbca-configuration.sh
+++ b/compose-resources/ejbca-configuration.sh
@@ -4,12 +4,16 @@ configureEjbca() {
     ejbca.sh config cmp addalias --alias cmpRA
     ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
     ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword
-    ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+    ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature
+    ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate'
+    ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true
     ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
     #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
     ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
     #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
     ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
+    caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p')
+    ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject"
     ejbca.sh config cmp dumpalias --alias cmpRA
     ejbca.sh config cmp addalias --alias cmp
     ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true