在使用 openssl 的过程中,有一件很烦人的事情,就是需要不停地填入各种资料。能否让这些内容自动填写呢?答案是肯定的。下面几个 shell 脚本配合使用,就能完成这个任务。这些脚本是我正在使用的,没有问题,不过其中可能有些内容是多余的;好在内容不多,很容易看明白:
shell one:
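#!/bin/bash
# Interactive front end for issuing one user certificate.
#
# Prompts for a user name, the user's key pass phrase and the CA key pass
# phrase, moves leftovers of earlier runs from /usr/share/ssl/misc into ./bak,
# runs the helper /usr/share/ssl/misc/auto, publishes <user>.p12 (plus
# SYSTEM01.p7c when present) under /opt/certs/<user>, then calls ./makep7c.
#
# Relative paths (bak, <user>.p12, SYSTEM01.p7c, ./makep7c) are resolved
# against the current directory.
# NOTE(review): ./bak ends up holding private keys and PKCS#12 bundles of
# earlier runs; check that its permissions match that.

echo -n "input username:"
read -r USERNAME

# The name becomes part of file names, of the rm -rf target below and of the
# helper's command line, so reject anything that could leave /opt/certs/<user>
# (empty value, "../"), be parsed as an option (leading "-") or hide the
# directory (leading ".").
case "$USERNAME" in
  '' | .* | -* | *[!A-Za-z0-9._-]*)
    echo "invalid username: use only letters, digits, '.', '_' and '-'" >&2
    exit 1
    ;;
esac

# Disabled duplicate check, kept from the original for reference:
#if [ -f "bak/$USERNAME.pem" ] || grep -R -- "$USERNAME" demoCA/newcerts 1>/dev/null 2>/dev/null ;then
# echo "$USERNAME's cert has already been made,revoke(openssl ca -revoke $USERNAME.pem) and delete it first"
# exit 1
#fi

# -s keeps the pass phrases off the terminal; IFS= and -r keep them verbatim.
echo -n "input password(length> 4):"
IFS= read -rs PASSWORD
echo
if [ "${#PASSWORD}" -le 4 ]; then
  echo "password must be longer than 4 characters" >&2
  exit 1
fi

echo -n "input ca's password:"
IFS= read -rs CAPASS
echo

if [ -d bak ]; then
  echo "bak dir exist"
else
  mkdir bak || exit 1
fi

# Archive leftovers of earlier runs. Looping over the globs skips patterns
# that match nothing instead of passing the literal pattern to mv.
for leftover in /usr/share/ssl/misc/*.pem /usr/share/ssl/misc/*.req \
  /usr/share/ssl/misc/*.key /usr/share/ssl/misc/*.p12; do
  [ -e "$leftover" ] || continue
  mv -f -- "$leftover" bak/
done

# NOTE(review): both pass phrases travel as command-line arguments and are
# therefore readable in the process list while the helper runs. The helper's
# argv interface is kept as is; passing them on stdin or through the
# environment needs a matching change in the helper.
/usr/share/ssl/misc/auto "$USERNAME" "$PASSWORD" "$CAPASS"

# Do not wipe the published directory when no bundle was produced.
if [ ! -f "$USERNAME.p12" ]; then
  echo "$USERNAME.p12 was not created, leaving /opt/certs/$USERNAME untouched" >&2
  exit 1
fi

# make user dir
target="/opt/certs/$USERNAME"
if [ -d "$target" ]; then
  echo "ok"
else
  mkdir -p -- "$target" || exit 1
fi

# ${USERNAME:?} aborts instead of expanding to /opt/certs//* on an empty name.
rm -rf -- "/opt/certs/${USERNAME:?}"/*

#cp $USERNAME.key $USERNAME.p12 $USERNAME.pem /edi/pss/cert/now/server/ -rf
cp -rf -- "$USERNAME.p12" "$target"
if [ -f SYSTEM01.p7c ]; then
  cp -rf -- SYSTEM01.p7c "$target"
fi
if [ -f bak/SYSTEM01.p7c ]; then
  cp -rf -- bak/SYSTEM01.p7c "$target"
fi

./makep7c "$USERNAME"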
shell two(对应 shell one 中调用的 /usr/share/ssl/misc/auto):
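#!/usr/bin/expect
# Drives three openssl commands without manual input: create a key and a
# certificate request, sign the request with the local CA, and export the
# result as a PKCS#12 bundle. All files are written to the current directory.
#
# Usage: <script> user pass capass
#   user   - base name of the generated files, also sent as one of the
#            request answers and as the local part of the e-mail answer
#   pass   - pass phrase for the user's key and for the PKCS#12 bundle
#   capass - pass phrase of the CA key
#
# NOTE(review): pass and capass arrive on this script's own command line and
# are visible in the process list while it runs; the argv interface is kept
# for the existing caller.
# NOTE(review): user is placed unmodified on the openssl command lines and in
# file names; the caller is expected to have validated it.
if {[llength $argv] < 3} {
    puts stderr "usage: $argv0 user pass capass"
    exit 1
}
set user [lindex $argv 0]
set pass [lindex $argv 1]
set capass [lindex $argv 2]

# Step 1: key + request (replaces the former "./CA -newreq").
#spawn ./CA -newreq
spawn openssl req -new -keyout ${user}.key -out ${user}.req
expect "Enter PEM pass phrase:"
send "$pass\n"
expect "Verifying - Enter PEM pass phrase:"
send "$pass\n"
# Every following prompt is matched only by its trailing "]:", so the answers
# below rely on the prompt order of the openssl.cnf in use.
expect "]:"
send "JP\n"
expect "]:"
send "\n"
expect "]:"
send "\n"
expect "]:"
send "WAVE\n"
expect "]:"
send "WAVE Center\n"
expect "]:"
send "$user\n"
expect "]:"
send "${user}@linux3.niis.com.cn\n"
# NOTE(review): with a stock openssl.cnf the last two prompts are the optional
# request attributes "A challenge password" and "An optional company name".
# Answering them with $pass would store the key pass phrase in clear text
# inside ${user}.req. Confirm against the openssl.cnf in use; if so, send an
# empty line here instead.
expect "]:"
send "$pass\n"
expect "]:"
send "$pass\n"
#exit

# Step 2: sign the request (replaces the former "./CA -sign").
#spawn ./CA -sign
expect eof
spawn openssl ca -policy policy_anything -out ${user}.pem -infiles ${user}.req
expect "cakey.pem:"
send "$capass\n"
expect "y/n]:"
send "y\n"
expect "/n]"
send "y\n"

# Step 3: PKCS#12 export.
#p12
expect eof
# Hand the pass phrase to openssl through the environment (env:NAME) rather
# than "pass:<value>", so it does not appear in openssl's argument list.
set env(AUTO_P12_PASS) $pass
spawn openssl pkcs12 -export -in ${user}.pem -inkey ${user}.key -out ${user}.p12 -passin env:AUTO_P12_PASS -passout env:AUTO_P12_PASS -certfile demoCA/cacert.pem
expect eof
unset env(AUTO_P12_PASS)
exit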
shell three(对应 shell one 中调用的 ./makep7c):
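#!/bin/bash
# Build <user>.p7c: a DER-encoded PKCS#7 bundle holding the user's certificate
# (<user>.pem) followed by the CA certificate (demoCA/cacert.pem).
#
# Arguments: $1 - user name; <user>.pem must exist in the current directory
# Exit code: 0 when <user>.p7c was written, 1 on any error
if [ -z "${1:-}" ]; then
  echo "Please input username as arg0"
  exit 1
fi

# A private variable is used so the shell's own $USER is not overwritten.
name=$1

# The name is used to build file names; reject path separators, a leading "-"
# (option look-alike) and a leading ".".
case "$name" in
  .* | -* | *[!A-Za-z0-9._-]*)
    echo "invalid username: use only letters, digits, '.', '_' and '-'" >&2
    exit 1
    ;;
esac

if [ -f "./$name.pem" ]; then
  echo "ok,$name's pem exist"
else
  # A missing certificate is an error, so report it with a non-zero status.
  echo "$name's pem file not exist!!!" >&2
  exit 1
fi

# Unpredictable scratch file, removed on every exit path.
bundle=$(mktemp) || {
  echo "error occur" >&2
  exit 1
}
trap 'rm -f -- "$bundle"' EXIT

# Stop when either input cannot be read; otherwise the bundle would silently
# lack one of the two certificates.
if ! cat -- "./$name.pem" demoCA/cacert.pem >"$bundle"; then
  echo "error occur" >&2
  exit 1
fi

# Check openssl's exit status as well as the file: a <user>.p7c left over from
# an earlier run must not be reported as a fresh result.
if openssl crl2pkcs7 -certfile "$bundle" -nocrl -out "./$name.p7c" -outform DER &&
  [ -f "./$name.p7c" ]; then
  echo "OK,$name.p7c made"
else
  echo "error occur" >&2
  exit 1
fi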