author | Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> | 2021-05-20 09:05:16 +0200 |
---|---|---|
committer | Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> | 2021-06-01 11:44:04 +0200 |
commit | 2d287fdf100b518b382e3008da6d5f572fd71da0 (patch) | |
tree | 5de3830e8b257b76ee192e0c001bc1709aaef6aa /compose-resources/ejbca-configuration.sh | |
parent | dd21ec585367e5e75372795dddf9838dd138881e (diff) |
[OOM-CERT-SERVICE] Configure EJBCA to handle Key Update Request
Change RA response protection from pbe to signature, set HMAC
and End entity certificate authentication in order to enable
Key Update Request in EJBCA. Set default CA, which will sign
Confirmation Response message.
Issue-ID: OOM-2753
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I1ab13b0a55711291a8c2a1448ae3497747348d67
Diffstat (limited to 'compose-resources/ejbca-configuration.sh')
-rwxr-xr-x | compose-resources/ejbca-configuration.sh | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh index 3eb146db..8e6bd038 100755 --- a/compose-resources/ejbca-configuration.sh +++ b/compose-resources/ejbca-configuration.sh @@ -4,12 +4,16 @@ configureEjbca() { ejbca.sh config cmp addalias --alias cmpRA ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value mypassword - ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe + ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature + ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate' + ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml) ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml) ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849 + caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p') + ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject" ejbca.sh config cmp dumpalias --alias cmpRA ejbca.sh config cmp addalias --alias cmp ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true |
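Review bot: the new `caSubject=$(...)` line near the end of the hunk passes its result straight to `--key defaultca --value "$caSubject"` with no check that the pipeline produced anything. If `ejbca.sh ca getcacert` fails or its output format differs, the alias gets an empty default CA and the script carries on to `dumpalias`. The `grep 'Subject'` is also unanchored, so it matches any line containing that word, and the result depends on the `sed -n '1p'` at the end picking the right one. Suggest matching `'^Subject: '` in a single `sed -n` expression and aborting with a message when `caSubject` is empty. Separately, `authenticationmodule` is now `'HMAC;EndEntityCertificate'`, so HMAC authentication stays enabled alongside certificate authentication, and the shared secret it relies on is the literal `mypassword` set by the unchanged `cmpRaAuthSecret` line above. A comment stating that this value is for the compose test setup only, or reading the secret from the environment, would keep it from being copied into a real deployment.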