From 38908796c4a35777c5b2f5d01780553608d94205 Mon Sep 17 00:00:00 2001
From: Piotr Marcinkiewicz
Date: Fri, 25 Jun 2021 16:01:52 +0200
Subject: [PATCH] [OOM-CERT-SERVICE] Add Certificate Update Admin role

Add Certificate Update Admin role in order to allow performing KUR/CR in EJBCA.

Issue-ID: OOM-2753
Signed-off-by: Piotr Marcinkiewicz
Change-Id: Ib07a694c6a88d5ad58059cd331d2eddbcaf8a97b
---
 compose-resources/ejbca-configuration.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/compose-resources/ejbca-configuration.sh b/compose-resources/ejbca-configuration.sh
index 8e6bd038..d309ec77 100755
--- a/compose-resources/ejbca-configuration.sh
+++ b/compose-resources/ejbca-configuration.sh
@@ -23,6 +23,13 @@ configureEjbca() {
 ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
 ejbca.sh config cmp dumpalias --alias cmp
 ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+ #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation)
+ ejbca.sh roles addrole "Certificate Update Admin"
+ ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT
+ ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "Linux-Foundation"
 }

 configureEjbca
-- 
2.16.6
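Review bot: The `addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "Linux-Foundation"` line makes every certificate issued by ManagementCA with that O value a member of a role that holds `/ca/ManagementCA/` and `/ca_functionality/create_certificate/`, so membership is decided by a subject-DN field rather than by a specific admin certificate. If that breadth is what KUR/CR needs here, record it next to the rule, e.g. `# NOTE: matches any ManagementCA-issued cert with O=Linux-Foundation; keep this O value reserved for entities allowed to request KUR/CR`, and confirm that the end-entity profile does not let a requester choose the O value freely. It is also worth checking whether `/endentityprofilesrules/Custom_EndEntity/ ACCEPT` can be narrowed to the sub-rules the update flow actually uses, since accepting the profile root presumably covers every operation under it. None of the added `ejbca.sh roles` calls has a visible status check, so a failing `addrole` (for instance on a re-run where the role already exists) could leave the role partly configured; `configureEjbca` starts outside the hunk, so any `set -e` there is not visible.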