-rw-r--r-- | scripts/apnic-poke-1.sh | 20 | ||||
-rw-r--r-- | scripts/apnic-poke-1.yaml | 2 | ||||
-rw-r--r-- | scripts/apnic-poke-2.sh | 3 |
3 files changed, 15 insertions, 10 deletions
diff --git a/scripts/apnic-poke-1.sh b/scripts/apnic-poke-1.sh index d0bba366..d56a694b 100644 --- a/scripts/apnic-poke-1.sh +++ b/scripts/apnic-poke-1.sh @@ -19,7 +19,10 @@ set -ex if test ! -r testroot.cer -o ! -r testroot.key then $openssl req -new -newkey rsa:2048 -nodes -keyout testroot.key -out testroot.req -config testroot.cnf - $openssl x509 -req -in testroot.req -out testroot.cer -extfile testroot.cnf -extensions req_x509_ext -signkey testroot.key -text -sha256 + + $openssl x509 -req -in testroot.req -out testroot.cer -extfile testroot.cnf -extensions req_x509_ext \ + -signkey testroot.key -text -sha256 + rm -f testroot.req fi @@ -48,9 +51,14 @@ python irbe-cli.py self --action create --crl_interval 84600 # Create a business signing context, issue the necessary business cert, and set up the cert chain -python irbe-cli.py --pem_out bsc.req bsc --action create --self_id 1 --generate_keypair --signing_cert biz-certs/Bob-CA.cer -$openssl x509 -req -in bsc.req -out bsc.cer -CA biz-certs/Bob-CA.cer -CAkey biz-certs/Bob-CA.key -CAserial biz-certs/Bob-CA.srl +python irbe-cli.py --pem_out bsc.req bsc --action create --self_id 1 \ + --generate_keypair --signing_cert biz-certs/Bob-CA.cer + +$openssl x509 -req -in bsc.req -out bsc.cer -CA biz-certs/Bob-CA.cer \ + -CAkey biz-certs/Bob-CA.key -CAserial biz-certs/Bob-CA.srl + python irbe-cli.py bsc --action set --self_id 1 --bsc_id 1 --signing_cert bsc.cer + rm -f bsc.req bsc.cer # Create a repository context 
@@ -65,11 +73,9 @@ python irbe-cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id --https_ta biz-certs/Elena-Root.cer \ --sia_base rsync://wombat.invalid/ -# Create a child context -- note that we're using the -CA as trust anchor rather than -Root, -# because the APNIC poke tool doesn't offer any way to construct CMS chains +# Create a child context -#python irbe-cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer -python irbe-cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-CA.cer +python irbe-cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer # Run the other daemons, arrange for everything to go away on shutdown, # run initial cron job to set things up, then wait diff --git a/scripts/apnic-poke-1.yaml b/scripts/apnic-poke-1.yaml index 1fed7a90..24b80561 100644 --- a/scripts/apnic-poke-1.yaml +++ b/scripts/apnic-poke-1.yaml @@ -9,7 +9,7 @@ sender-id: "1" cms-cert-file: biz-certs/Frank-EE.cer cms-key-file: biz-certs/Frank-EE.key cms-ca-cert-file: biz-certs/Bob-Root.cer -#cms-cert-chain-file: [ biz-certs/Frank-CA.cer ] +cms-cert-chain-file: [ biz-certs/Frank-CA.cer ] ssl-cert-file: biz-certs/Frank-EE.cer ssl-key-file: biz-certs/Frank-EE.key diff --git a/scripts/apnic-poke-2.sh b/scripts/apnic-poke-2.sh index 2e81dca4..dbeaf690 100644 --- a/scripts/apnic-poke-2.sh +++ b/scripts/apnic-poke-2.sh @@ -86,8 +86,7 @@ python irbe-cli.py parent --self_id 1 --action create --bsc_id 1 --repository_id rm -f apnic.pem -# Create a child context -- note that we're using the -CA as trust anchor rather than -Root, -# because the APNIC poke tool doesn't offer any way to construct CMS chains +# Create a child context python irbe-cli.py child --self_id 1 --action create --bsc_id 1 --cms_ta biz-certs/Frank-Root.cer |
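Review bot: In scripts/apnic-poke-1.sh (hunk at -65,11) the comment is cut down to `# Create a child context` just as `--cms_ta` moves from Frank-CA.cer to Frank-Root.cer, so nothing records that validation now depends on the sender supplying the intermediate certificate. The matching change is the `cms-cert-chain-file: [ biz-certs/Frank-CA.cer ]` entry enabled in scripts/apnic-poke-1.yaml. If that entry is dropped or commented out again, the Frank-EE signature presumably no longer chains to the configured anchor, and the test would fail for a reason that is not obvious from either file. I would keep a pointer in the script, e.g. `# Create a child context -- trust anchor is Frank-Root; the client must send Frank-CA in its CMS chain (cms-cert-chain-file in apnic-poke-1.yaml)`, and add a one-line comment above the yaml entry naming the script. The script is flat and continues past both ends of the hunk.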