shell脚本实现openssl自建CA和证书申请
发布时间:2020-12-15 21:12:56 所属栏目:安全 来源:网络整理
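#!/bin/bash
#
#********************************************************************
#Author: Ma Xue Bin
#QQ: 316428921
#Date: 2019-06-22
#Purpose: Build a private CA with openssl, create a key and CSR on a
#         client host over SSH, and sign that CSR on the CA host.
#********************************************************************
#
# Review notes (security):
#  * The SSH password is kept in this file and the SSH host-key prompt
#    is answered "yes" automatically, so the remote host is never
#    verified. For anything beyond a lab, switch to key-based SSH
#    authentication with a pre-populated known_hosts file.
#  * The client key was generated with 1024 bits in the published
#    script; that is below current minimums, so 2048 is used here.
#  * Both private keys (CA and client) are written unencrypted; only
#    the umask 077 file mode protects them.
#  * Option 1 regenerates /etc/pki/CA/private/cakey.pem every time it
#    runs, replacing any existing CA key.

# Settings shared by all functions below.
user=root
ip=192.168.1.110   # client host that needs a certificate
IP=192.168.1.108   # CA host that receives the CSR
key=app.key
csr=app.csr
# Password typed at the ssh/scp prompts. The default is the value from
# the published script; override it from the environment instead of
# editing the file.
ssh_pass=${SSH_PASS:-centos}
# PLACEHOLDER: the e-mail address in the published script was destroyed
# by the site's e-mail obfuscation; set the real contact address here.
email=admin@example.com

#######################################
# Request a certificate for the client: log in to $ip, generate a key
# and a CSR under /data, then copy the CSR to the CA host ($IP).
# Globals: user, ip, IP, key, csr, ssh_pass, email (read)
# NOTE(review): the published page showed an obfuscated token in front
# of $ip and $IP; "$user@" is assumed because `user` is otherwise
# unused - confirm against the original script.
#######################################
client() {
  rpm -q expect &> /dev/null || yum install expect -y
  # Unquoted here-doc: the shell expands $ip, $key, ... before expect
  # sees the text; "\n" is passed through and becomes Enter in Tcl.
  expect <<EOF
set timeout 10
spawn ssh $user@$ip
expect {
  "yes/no" {send "yes\n";exp_continue}
  "password" {send "$ssh_pass\n"}
}
expect "]#" {send "yum install expect -y \n"}
expect "~]#" {send "(umask 077;openssl genrsa -out /data/$key 2048)\n"}
expect "]#" {send "openssl req -new -key /data/$key -out /data/$csr\n"}
expect ":" {send "CN\n"}
expect ":" {send "beijing\n"}
expect ":" {send "beijing\n"}
expect ":" {send "magedu\n"}
expect ":" {send "devops\n"}
expect ":" {send "www.magedu.com\n"}
expect ":" {send "$email\n"}
expect ":" {send "\n"}
expect ":" {send "\n"}
expect "~]#" {send "scp /data/$csr $user@$IP:/data/\n"}
expect {
  "yes/no" {send "yes\n";exp_continue}
  "password" {send "$ssh_pass\n"}
}
expect "#" {send "exit\n"}
expect eof
EOF
  # Changes from the published script:
  #  - `openssl req` takes the private key with -key; -in expects an
  #    existing request, so the published "-in /data/$key" was wrong.
  #  - The two "Enter PEM pass phrase" steps (and their hard-coded pass
  #    phrase) are gone: genrsa is called without a cipher option, so
  #    the key is unencrypted and req never asks for a pass phrase.
}

#######################################
# Create the self-signed CA on this host: a 4096-bit key, a certificate
# valid for 3650 days, and the index/serial files `openssl ca` needs.
# Globals: email (read)
#######################################
MKCA() {
  rpm -q expect &> /dev/null || yum install expect -y
  (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
  expect <<EOF
spawn openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
expect ":" {send "CN\n"}
expect ":" {send "beijing\n"}
expect ":" {send "beijing\n"}
expect ":" {send "magedu\n"}
expect ":" {send "devops\n"}
expect ":" {send "ca.magedu.com\n"}
expect ":" {send "$email\n"}
expect eof
EOF
  [ -f /etc/pki/CA/index.txt ] || touch /etc/pki/CA/index.txt
  [ -f /etc/pki/CA/serial ] || echo 01 > /etc/pki/CA/serial
}

#######################################
# Sign /data/$csr with the CA, if the request exists, and write the
# certificate (valid 100 days) to /etc/pki/CA/certs/<name>.crt.
# Globals: csr (read)
# NOTE(review): both confirmation prompts are answered "y" without
# showing the request; inspect the CSR before signing anything that
# did not come from a host you control.
#######################################
certificate() {
  if [ -f "/data/$csr" ]; then
    # Name up to the first dot, same as `cut -d. -f1`.
    local cer=${csr%%.*}
    expect <<EOF
spawn openssl ca -in /data/$csr -out /etc/pki/CA/certs/$cer.crt -days 100
expect "]:" {send "y\n"}
expect "]" {send "y\n"}
expect eof
EOF
  fi
}

# Interactive menu. Leaving the loop when read fails (EOF on stdin)
# prevents the endless loop the published script fell into.
while true; do
  cat <<EOF
1 自建CA
2 签署证书
3 为客户端申请证书
4 自动化自建CA并让客户端申请证书并签证
5 退出
EOF
  read -r -p "plese input number: " number || exit
  case "$number" in
    1)
      MKCA
      ;;
    2)
      certificate
      ;;
    3)
      client
      ;;
    4)
      client
      MKCA
      certificate
      ;;
    5)
      exit
      ;;
    *)
      echo "please input a valid arguments"
      ;;
  esac
done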