
openssl 进阶(自动化)

在用 openssl 的过程中会有一件很烦人的事情,就是需要不停地填入各种资料。能否让这些资料自动填写呢?答案是肯定的。下边几个 shell 脚本配合使用,就能完成任务。这些脚本是我正在使用的,没有问题,不过其中可能有些东西是多余的,好在内容不多,很容易看明白:

 

shell one:

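#!/bin/bash
#
# Interactive driver for issuing one user certificate.
#
# Asks for a user name, the pass phrase for the user's key and the CA pass
# phrase, archives earlier output files into ./bak, runs the expect helper
# that talks to openssl, then publishes the PKCS#12 bundle (plus system01.p7c
# when one is found) under /opt/certs/<username> and finally builds the
# user's .p7c with ./makep7c.

printf '%s' "input username:"
read -r username

# The name ends up in file names, in /opt/certs/<name> and in the target of
# an "rm -rf" further down, so an empty name, a path separator or a leading
# '-' / '.' must never get that far.
if [[ ! $username =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
  echo "invalid username" >&2
  exit 1
fi

# Disabled duplicate check kept from the original script:
#if [ -f bak/$username.pem ] || grep $username democa/newcerts -r 1>/dev/null 2>/dev/null ;then
#  echo "$username's cert has already been made,revoke(openssl ca -revoke $username.pem) and delete it first"
#  exit 1
#fi

# -s keeps the pass phrases off the terminal; -r and IFS= keep backslashes
# and surrounding blanks exactly as typed.
printf '%s' "input password(length> 4):"
IFS= read -rs password
echo
printf '%s' "input ca's password:"
IFS= read -rs capass
echo

if [[ -d bak ]]; then
  echo "bak dir exist"
else
  mkdir bak || exit 1
fi

# Archive the output of earlier runs. With nullglob an extension that has no
# files is skipped instead of handing the literal pattern to mv.
shopt -s nullglob
for ext in pem req key p12; do
  old_files=(/usr/share/ssl/misc/*."$ext")
  if ((${#old_files[@]} > 0)); then
    mv -f -- "${old_files[@]}" bak
  fi
done
shopt -u nullglob

# NOTE(review): the helper takes both pass phrases as command-line arguments,
# so they are readable in the process list while it runs. Handing them over
# through the environment or a descriptor needs a matching change in the
# helper and is therefore not done here.
/usr/share/ssl/misc/auto "$username" "$password" "$capass"

# Do not wipe the published directory unless a new bundle really exists.
if [[ ! -s "$username.p12" ]]; then
  echo "$username.p12 was not created" >&2
  exit 1
fi

# make user dir
if [[ -d "/opt/certs/$username" ]]; then
  echo "ok"
else
  mkdir -p -- "/opt/certs/$username" || exit 1
fi

# ${username:?} aborts rather than expanding to /opt/certs//* if the
# variable were ever empty.
rm -rf -- "/opt/certs/${username:?}"/*

# The .p12 holds the user's private key.
# NOTE(review): confirm that the permissions on /opt/certs/<username> are as
# tight as the consumers of these files allow.
#cp $username.key $username.p12 $username.pem /edi/pss/cert/now/server/ -rf
cp -rf -- "$username.p12" "/opt/certs/$username"

if [[ -f system01.p7c ]]; then
  cp -rf -- system01.p7c "/opt/certs/$username"
fi

if [[ -f bak/system01.p7c ]]; then
  cp -rf -- bak/system01.p7c "/opt/certs/$username"
fi

./makep7c "$username"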

 

 

 

shell two:

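#!/usr/bin/expect
#
# Drives three openssl runs for one user: create a key and a certificate
# request, have the CA sign the request, and export key + certificate as a
# PKCS#12 file.
#
# Arguments: user name, pass phrase for the user's key and .p12, pass phrase
# of the CA key.
# NOTE(review): the pass phrases still arrive on this script's own command
# line, where they can be read from the process list while it runs.

if {$argc < 3} {
    send_user "usage: $argv0 user pass capass\n"
    exit 1
}

set user [lindex $argv 0]
set pass [lindex $argv 1]
set capass [lindex $argv 2]

# The name is used to build file names handed to openssl; keep it from
# looking like an option or a path.
if {![regexp {^[A-Za-z0-9_][A-Za-z0-9._-]*$} $user]} {
    send_user "invalid user name\n"
    exit 1
}

# Generous limit so that a slow key generation is not mistaken for a hang.
set timeout 60

# Wait for a prompt, ignoring case, and stop when it never shows up.
# A bare "expect" that times out just falls through, and the following
# "send" would then type a pass phrase into whatever openssl is asking.
proc await {prompt} {
    expect \
        -nocase -gl $prompt { return } \
        timeout { send_user "\ntimed out waiting for \"$prompt\"\n"; exit 1 } \
        eof { send_user "\nopenssl ended while waiting for \"$prompt\"\n"; exit 1 }
}

# Wait for the spawned openssl to end and stop unless it exited with 0,
# so that a failed step is not followed by the next one.
proc finish {step} {
    expect {
        eof {}
        timeout { send_user "\n$step did not finish\n"; exit 1 }
    }
    set status [wait]
    if {[lindex $status 2] != 0 || [lindex $status 3] != 0} {
        send_user "$step failed\n"
        exit 1
    }
}

# --- key and certificate request -------------------------------------------
#spawn ./ca -newreq
spawn openssl req -new -keyout $user.key -out $user.req

# "send --" keeps a pass phrase that starts with '-' from being read as a
# flag of send.
await "enter pem pass phrase:"
send -- "$pass\n"
await "verifying - enter pem pass phrase:"
send -- "$pass\n"

# One answer per "]:" prompt, in the order openssl asks.
# NOTE(review): with a stock openssl.cnf the last two prompts would be the
# challenge password and the optional company name, both of which are stored
# unencrypted in the request file. If that is the prompt order here, the key
# pass phrase ends up readable in $user.req; confirm, and prefer answering
# those two with an empty line.
set answers [list "jp" "" "" "wave" "wave center" $user \
    "${user}@linux3.niis.com.cn" $pass $pass]
foreach answer $answers {
    await "]:"
    send -- "$answer\n"
}
finish "openssl req"

# --- signing by the CA -----------------------------------------------------
#spawn ./ca -sign
spawn openssl ca -policy policy_anything -out $user.pem -infiles $user.req
await "cakey.pem:"
send -- "$capass\n"
await "y/n]:"
send -- "y\n"
await "/n]"
send -- "y\n"
finish "openssl ca"

# --- PKCS#12 export --------------------------------------------------------
# The pass phrase goes through the environment (env:NAME) rather than
# "pass:...", which would put it on openssl's command line.
set env(P12_PASS) $pass
spawn openssl pkcs12 -export -in $user.pem -inkey $user.key -out $user.p12 \
    -passin env:P12_PASS -passout env:P12_PASS -certfile democa/cacert.pem
finish "openssl pkcs12"

exit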

 

shell three:

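#!/bin/bash
#
# Build <user>.p7c: a DER-encoded PKCS#7 bundle that holds the user's
# certificate followed by the CA certificate.
#
# Arguments: $1 - user name; <user>.pem and democa/cacert.pem are read
#            relative to the current directory.
# Returns:   0 when the bundle was written, 1 on any error.

if [[ -z ${1:-} ]]; then
  echo "please input username as arg0"
  exit 1
fi

user=$1

# The name is turned into file names below; refuse anything that could be
# taken for an option or point outside the current directory.
if [[ ! $user =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
  echo "invalid username" >&2
  exit 1
fi

if [[ -f ./$user.pem ]]; then
  echo "ok,$user's pem exist"
else
  echo "$user's pem file not exit!!!"
  # A missing certificate is an error; report it through the exit status.
  exit 1
fi

# Drop any bundle left by an earlier run so the check below cannot be
# satisfied by a stale file.
rm -f -- "./$user.p7c"

# -certfile may be repeated, so both certificates are passed directly and no
# intermediate tmp<user>.pem has to be written (or cleaned up).
if openssl crl2pkcs7 -nocrl \
    -certfile "./$user.pem" -certfile democa/cacert.pem \
    -out "./$user.p7c" -outform der \
  && [[ -s ./$user.p7c ]]; then
  echo "ok,$user.p7c made"
else
  echo "error occur"
  exit 1
fi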

posted on 2006-10-16 11:27 dreamstone 阅读(803) 评论(0)  编辑  收藏 所属分类: 片段
