Skip to content

Commit

Permalink
Makefile_v1,demo.cnf: clean up setting EJBCA special imprint path and…
Browse files Browse the repository at this point in the history 
… subject
  • Loading branch information
@DDvO
DDvO committed Oct 15, 2024
1 parent 46e50a8 commit 16eca2f
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 6 deletions.
5 changes: 3 additions & 2 deletions Makefile_v1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -389,9 +389,10 @@ else ifeq ($(CA_SECTION),CloudCA)
ifdef CMP_PROFILE
PROFILE_PATH="/p/$(CMP_PROFILE)"
endif
override EXTRA_OPTS += -path "/.well-known/cmp$(PROFILE_PATH)" -reqexts empty -subject /CN=CloudCA-Integration-Test-User
override EXTRA_OPTS += -path "/.well-known/cmp$(PROFILE_PATH)" -reqexts empty
else
CA_SECTION=EJBCA
EXTRA_OPTS_IMPRINT= -path "$(ENV::EJBCA_PATH_IMPRINT)" -subject "$(EJBCA_CMP_SUBJECT_IMPRINT)"
CRL_SECTION=crls
OCSP_CHECK=$(OPENSSL) ocsp -url $(EJBCA_OCSP_URL) \
-CAfile $(EJBCA_CMP_TRUSTED) -issuer $(EJBCA_CMP_ISSUER) \
Expand Down Expand Up @@ -421,7 +422,7 @@ GENERATE_OPERATIONAL=$(OPENSSL) x509 -in creds/operational.crt -x509toreq -signk
run_demo: $(OUT_DIR_BIN)
@which $(OPENSSL) >/dev/null || (echo "cannot find $(OPENSSL)"; false)
@/bin/echo -e "\n##### running cmpClient demo using $(CA_SECTION) #####\n"
$(CMPCLIENT) imprint -section $(CA_SECTION) $(EXTRA_OPTS)
$(CMPCLIENT) imprint -section $(CA_SECTION) $(EXTRA_OPTS) $(EXTRA_OPTS_IMPRINT)
@/bin/echo -e "\nValidating own CMP client cert"
ifeq ($(CA_SECTION),EJBCA)
$(CMPCLIENT) validate -section $(CA_SECTION),$(CRL_SECTION) -cert $(EJBCA_CMP_CLIENT_CERT) -tls_cert "" -own_trusted $(EJBCA_CMP_TRUSTED),$(EJBCA_TRUSTED) -untrusted $(EJBCA_UNTRUSTED)
Expand Down
8 changes: 4 additions & 4 deletions config/demo.cnf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ out_trusted = creds/trusted/ENROLL_Root.pem

[Insta]
server = pki.certificate.fi:8700/pkix/
# path = pkix/ # gets overridden by Makefile_v1
path = pkix/ # gets partly overridden by Makefile_v1
secret = pass:insta
ref = 3078
#would need to be updated every 3 months:
Expand All @@ -147,7 +147,7 @@ tls_used = 0
[CloudCA]
# Server
server = broker.sdo-qa.siemens.cloud:443
# path = /.well-known/cmp # gets overridden by Makefile_v1
path = /.well-known/cmp # gets overridden by Makefile_v1
tls_used = 1
tls_trusted = creds/trusted/DigicertGlobalRootG2.crt

Expand All @@ -169,8 +169,8 @@ key = creds/manufacturer.pem
keypass = pass:12345

[imprint]
path = ${ENV::EJBCA_PATH}/${ENV::EJBCA_PATH_IMPRINT}
subject = ${ENV::EJBCA_CMP_SUBJECT_IMPRINT}
# path = ${ENV::EJBCA_PATH}/${ENV::EJBCA_PATH_IMPRINT} # gets overridden by Makefile_v1 for EJBCA
# subject = ${ENV::EJBCA_CMP_SUBJECT_IMPRINT} # gets overridden by Makefile_v1 for EJBCA
cmd = ir
cert =
key =
Expand Down

0 comments on commit 16eca2f

Please sign in to comment.