3 waitForEjbcaToStart() {
4 until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
11 ejbca.sh config cmp addalias --alias cmpRA
12 ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
13 ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
14 ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
15 #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
16 ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
17 #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
18 ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
19 #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
20 ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
21 ejbca.sh config cmp dumpalias --alias cmpRA
22 ejbca.sh config cmp addalias --alias cmp
23 ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
24 ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
25 ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password ${CLIENT_IAK} --type 1 --token USERGENERATED
26 ejbca.sh ra setclearpwd --username Node123 --password ${CLIENT_IAK}
27 ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
28 ejbca.sh config cmp dumpalias --alias cmp
29 ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
Code Review / oom.git / blob