diff options
| author |   Bogumil Zebek <bogumil.zebek@nokia.com> | 2021-07-02 08:58:55 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2021-07-02 08:58:55 +0000 |
| commit | c3d5eb94b097b3375d09f0cd53cb511b084174e9 (patch) | |
| tree | 25b4149ecc5c8c4b3a53c9ac18edfc91a826fd03 /compose-resources | |
| parent | b3faacf4ba4023f29f13aa7806acd660bbf1483e (diff) | |
| parent | 38908796c4a35777c5b2f5d01780553608d94205 (diff) | |
Merge "[OOM-CERT-SERVICE] Add Certificate Update Admin role"
Diffstat (limited to 'compose-resources')
| -rwxr-xr-x | compose-resources/ejbca-configuration.sh | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh index 42e3f6bd..f7cd4288 100755 --- a/compose-resources/ejbca-configuration.sh +++ b/compose-resources/ejbca-configuration.sh @@ -33,6 +33,13 @@ configureEjbca() { ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN ejbca.sh config cmp dumpalias --alias cmp ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem + #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation) + ejbca.sh roles addrole "Certificate Update Admin" + ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT + ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT + ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT + ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT + ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "Linux-Foundation" } configureEjbca |