[bitnami/ejbca] Extend initial CA cert configs (#14213)

Signed-off-by: Synertry <jonny.somrak@gmail.com> Signed-off-by: Synertry <jonny.somrak@gmail.com>
2022-11-24 07:45:57 +01:00 · 2022-11-24 07:45:57 +01:00 · 1126c8194c
parent 8817c6f2f4
commit 1126c8194c
2 changed files with 18 additions and 7 deletions
--- a/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh
+++ b/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh
@ -354,11 +354,11 @@ ejbca_generate_ca() {
            --caname "$EJBCA_CA_NAME" \
            --tokenType "soft" \
            --tokenPass "null" \
-            --keytype "RSA" \
-            --keyspec "3072" \
-            -v "3652" \
-            --policy "null" \
-            -s "SHA256WithRSA" \
+            --keytype "$EJBCA_CA_KEYTYPE" \
+            --keyspec "$EJBCA_CA_KEYSPEC" \
+            -v "$EJBCA_CA_CERT_VALIDITY" \
+            --policy "$EJBCA_CA_CERT_POLICY_ID" \
+            -s "$EJBCA_CA_CERT_SIGNATURE_ALGORITHM" \
            -type "x509"

        info "Add superadmin user"
@ -565,8 +565,14 @@ ejbca_initialize() {
        export EJBCA_KEYSTORE_PASSWORD
        EJBCA_WILDFLY_ADMIN_PASSWORD="${EJBCA_WILDFLY_ADMIN_PASSWORD:-$(generate_random_string -t alphanumeric)}"
        export EJBCA_WILDFLY_ADMIN_PASSWORD
-        EJBCA_BASE_DN="${EJBCA_BASE_DN:-O=Example CA,C=SE,UID=c-$(generate_random_string -t alphanumeric)}"
-        export EJBCA_BASE_DN
+
+        ## Initial certificate setup
+        export EJBCA_BASE_DN="${EJBCA_BASE_DN:-O=Example CA,C=SE,UID=c-$(generate_random_string -t alphanumeric)}"
+        export EJBCA_CA_KEYTYPE="${EJBCA_CA_KEYTYPE:-RSA}"
+        export EJBCA_CA_KEYSPEC="${EJBCA_CA_KEYSPEC:-3072}"
+        export EJBCA_CA_CERT_VALIDITY="${EJBCA_CA_CERT_VALIDITY:-3652}"
+        export EJBCA_CA_CERT_POLICY_ID="${EJBCA_CA_CERT_POLICY_ID:-null}"
+        export EJBCA_CA_CERT_SIGNATURE_ALGORITHM="${EJBCA_CA_CERT_SIGNATURE_ALGORITHM:-SHA256WithRSA}"

        # Check if external keystore
        if [[ -f "$EJBCA_SERVER_CERT_FILE" && -n "$EJBCA_SERVER_CERT_PASSWORD" ]]; then
--- a/bitnami/ejbca/README.md
+++ b/bitnami/ejbca/README.md
@ -163,6 +163,11 @@ The EJBCA instance can be customized by specifying environment variables on the
 - `EJBCA_DATABASE_PASSWORD`: Database password. No defaults.
 - `EJBCA_BASE_DN`: Base DN for the CA. Defaults to `O=Example CA,C=SE,UID=c-XXXXXXX`, where `XXXXXXX` is a random generated ID.
 - `EJBCA_CA_NAME`: CA Name. Defaults to `ManagementCA`
+- `EJBCA_CA_KEYTYPE`: Initial keytype for the CA certificate. Defaults to `RSA`.
+- `EJBCA_CA_KEYSPEC`: Initial keyspec for the CA certificate. Defaults to `3072`.
+- `EJBCA_CA_CERT_VALIDITY`: Initial certificate validity in days for the CA certificate. Defaults to `3652`.
+- `EJBCA_CA_CERT_POLICY_ID`: Initial certificate policy ID for the CA certificate. Defaults to `null`.
+- `EJBCA_CA_CERT_SIGNATURE_ALGORITHM`: Initial certificate signature algorithm for the CA certificate. Defaults to `SHA256WithRSA`.
 - `JAVA_OPTS`: Java options. Defaults to `-Xms2048m -Xmx2048m -XX:MetaspaceSize=192M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb`.
 - `EJBCA_SERVER_CERT_FILE`: User provided keystore file. No defaults.
 - `EJBCA_SERVER_CERT_PASSWORD`: User provided keystore file password. No defaults.