Update pki-server cert-create #4612

Merged
merged 1 commit into from
Nov 15, 2023
59 changes: 18 additions & 41 deletions .github/workflows/ca-existing-hsm-test.yml
Expand Up @@ -80,22 +80,17 @@ jobs:
--subject "CN=CA Signing Certificate" \
--ext /usr/share/pki/server/certs/ca_signing.conf \
ca_signing
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
docker exec pki pki-server cert-create \
--token HSM \
nss-cert-issue \
--csr /etc/pki/pki-tomcat/certs/ca_signing.csr \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--cert /tmp/ca_signing.crt
ca_signing
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
--token HSM \
nss-cert-import \
--cert /tmp/ca_signing.crt \
--cert /etc/pki/pki-tomcat/certs/ca_signing.crt \
--trust CT,C,C \
ca_signing

Expand Down Expand Up @@ -124,23 +119,18 @@ jobs:
--subject "CN=OCSP Signing Certificate" \
--ext /usr/share/pki/server/certs/ocsp_signing.conf \
ca_ocsp_signing
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
docker exec pki pki-server cert-create \
--token HSM \
nss-cert-issue \
--issuer HSM:ca_signing \
--csr /etc/pki/pki-tomcat/certs/ca_ocsp_signing.csr \
--ext /usr/share/pki/server/certs/ocsp_signing.conf \
--cert /tmp/ca_ocsp_signing.crt
ca_ocsp_signing
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
--token HSM \
nss-cert-import \
--cert /tmp/ca_ocsp_signing.crt \
--cert /etc/pki/pki-tomcat/certs/ca_ocsp_signing.crt \
ca_ocsp_signing

# check original cert
Expand Down Expand Up @@ -168,23 +158,18 @@ jobs:
--subject "CN=Audit Signing Certificate" \
--ext /usr/share/pki/server/certs/audit_signing.conf \
ca_audit_signing
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
docker exec pki pki-server cert-create \
--token HSM \
nss-cert-issue \
--issuer HSM:ca_signing \
--csr /etc/pki/pki-tomcat/certs/ca_audit_signing.csr \
--ext /usr/share/pki/server/certs/audit_signing.conf \
--cert /tmp/ca_audit_signing.crt
ca_audit_signing
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
--token HSM \
nss-cert-import \
--cert /tmp/ca_audit_signing.crt \
--cert /etc/pki/pki-tomcat/certs/ca_audit_signing.crt \
--trust ,,P \
ca_audit_signing

Expand Down Expand Up @@ -213,23 +198,18 @@ jobs:
--subject "CN=Subsystem Certificate" \
--ext /usr/share/pki/server/certs/subsystem.conf \
subsystem
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
docker exec pki pki-server cert-create \
--token HSM \
nss-cert-issue \
--issuer HSM:ca_signing \
--csr /etc/pki/pki-tomcat/certs/subsystem.csr \
--ext /usr/share/pki/server/certs/subsystem.conf \
--cert /tmp/subsystem.crt
subsystem
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
--token HSM \
nss-cert-import \
--cert /tmp/subsystem.crt \
--cert /etc/pki/pki-tomcat/certs/subsystem.crt \
subsystem

# check original cert
Expand All @@ -256,22 +236,17 @@ jobs:
--subject "CN=pki.example.com" \
--ext /usr/share/pki/server/certs/sslserver.conf \
sslserver
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
docker exec pki pki-server cert-create \
--token HSM \
nss-cert-issue \
--issuer HSM:ca_signing \
--csr /etc/pki/pki-tomcat/certs/sslserver.csr \
--ext /usr/share/pki/server/certs/sslserver.conf \
--cert /tmp/sslserver.crt
sslserver
docker exec pki runuser -u pkiuser -- \
pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
nss-cert-import \
--cert /tmp/sslserver.crt \
--cert /etc/pki/pki-tomcat/certs/sslserver.crt \
sslserver

# check original cert
Expand Down Expand Up @@ -461,7 +436,9 @@ jobs:

- name: Check CA admin cert
run: |
docker exec pki pki client-cert-import ca_signing --ca-cert /tmp/ca_signing.crt
docker exec pki pki client-cert-import \
--ca-cert /etc/pki/pki-tomcat/certs/ca_signing.crt \
ca_signing
docker exec pki pki -n caadmin ca-user-show caadmin

- name: Check CA certs and requests
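Review bot: The new `pki-server cert-create --token HSM` calls run through plain `docker exec pki`, while the `nss-cert-import` after each of them still runs under `runuser -u pkiuser`, so the certificate files under `/etc/pki/pki-tomcat/certs` are written by the container's default user (presumably root) and read by pkiuser. Whether pki-server adjusts ownership or mode itself is not visible in these hunks; if it does not, the import depends on the umask and the instance directory ends up with files pkiuser does not own. A one-line check after the first call, such as `docker exec pki runuser -u pkiuser -- test -r /etc/pki/pki-tomcat/certs/ca_signing.crt`, would pin the expectation down. The same applies to the OCSP, audit, subsystem and SSL server hunks. The `run:` steps begin and end outside the hunks.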
49 changes: 18 additions & 31 deletions .github/workflows/ca-existing-nssdb-test.yml
Expand Up @@ -58,16 +58,13 @@ jobs:
--subject "CN=CA Signing Certificate" \
--ext /usr/share/pki/server/certs/ca_signing.conf \
ca_signing
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-issue \
--csr /etc/pki/pki-tomcat/certs/ca_signing.csr \
docker exec pki pki-server cert-create \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--cert ca_signing.crt
ca_signing
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-import \
--cert ca_signing.crt \
--cert /etc/pki/pki-tomcat/certs/ca_signing.crt \
--trust CT,C,C \
ca_signing

Expand All @@ -89,17 +86,14 @@ jobs:
--subject "CN=OCSP Signing Certificate" \
--ext /usr/share/pki/server/certs/ocsp_signing.conf \
ca_ocsp_signing
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-issue \
docker exec pki pki-server cert-create \
--issuer ca_signing \
--csr /etc/pki/pki-tomcat/certs/ca_ocsp_signing.csr \
--ext /usr/share/pki/server/certs/ocsp_signing.conf \
--cert ca_ocsp_signing.crt
ca_ocsp_signing
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-import \
--cert ca_ocsp_signing.crt \
--cert /etc/pki/pki-tomcat/certs/ca_ocsp_signing.crt \
ca_ocsp_signing

# check original cert
Expand All @@ -120,17 +114,14 @@ jobs:
--subject "CN=Audit Signing Certificate" \
--ext /usr/share/pki/server/certs/audit_signing.conf \
ca_audit_signing
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-issue \
docker exec pki pki-server cert-create \
--issuer ca_signing \
--csr /etc/pki/pki-tomcat/certs/ca_audit_signing.csr \
--ext /usr/share/pki/server/certs/audit_signing.conf \
--cert ca_audit_signing.crt
ca_audit_signing
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-import \
--cert ca_audit_signing.crt \
--cert /etc/pki/pki-tomcat/certs/ca_audit_signing.crt \
--trust ,,P \
ca_audit_signing

Expand All @@ -152,17 +143,14 @@ jobs:
--subject "CN=Subsystem Certificate" \
--ext /usr/share/pki/server/certs/subsystem.conf \
subsystem
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-issue \
docker exec pki pki-server cert-create \
--issuer ca_signing \
--csr /etc/pki/pki-tomcat/certs/subsystem.csr \
--ext /usr/share/pki/server/certs/subsystem.conf \
--cert subsystem.crt
subsystem
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-import \
--cert subsystem.crt \
--cert /etc/pki/pki-tomcat/certs/subsystem.crt \
subsystem

# check original cert
Expand All @@ -183,17 +171,14 @@ jobs:
--subject "CN=pki.example.com" \
--ext /usr/share/pki/server/certs/sslserver.conf \
sslserver
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-issue \
docker exec pki pki-server cert-create \
--issuer ca_signing \
--csr /etc/pki/pki-tomcat/certs/sslserver.csr \
--ext /usr/share/pki/server/certs/sslserver.conf \
--cert sslserver.crt
sslserver
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
nss-cert-import \
--cert sslserver.crt \
--cert /etc/pki/pki-tomcat/certs/sslserver.crt \
sslserver

# check original cert
Expand Down Expand Up @@ -336,7 +321,9 @@ jobs:

- name: Check CA admin cert
run: |
docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt
docker exec pki pki client-cert-import \
--ca-cert /etc/pki/pki-tomcat/certs/ca_signing.crt \
ca_signing
docker exec pki pki -n caadmin ca-user-show caadmin

- name: Check CA certs and requests
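Review bot: The rewritten `pki-server cert-create` calls no longer name their input or output files, so the CSR each one signs and the path it writes are implicit, while every following `nss-cert-import` and the final `client-cert-import --ca-cert` hard-code `/etc/pki/pki-tomcat/certs/<id>.crt`. A short comment above the first call would make that coupling visible, for example `# cert-create is assumed to read certs/<id>.csr and write certs/<id>.crt in the instance dir`. The CA call is also the only one without `--issuer` (the other four pass `--issuer ca_signing`), which presumably means it is self-signed; a comment such as `# no --issuer: CA signing cert is self-signed` would say so. The `run:` steps begin and end outside the hunks.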