
openssl 进阶(自动化)


在用 openssl 的过程中会有一件很烦人的事情,就是需要不停地填入各种资料。是否能让这些自动填写呢?答案是肯定的。下边几个 shell 脚本配合使用,就能完成任务。这些脚本是我正在使用的,没有问题,不过可能有些东西是多余的,好在内容不多,很容易看明白:

shell one:

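#!/bin/bash
#
# Interactive driver for issuing one user certificate.
#
# Asks for a user name, the pass phrase for the new key and the CA key pass
# phrase, archives earlier output into ./bak, runs the expect helper that
# answers the openssl prompts, then publishes <user>.p12 (plus SYSTEM01.p7c
# when present) into /opt/certs/<user> and finally calls ./makep7c.
#
# Run it from the directory that holds demoCA/ and ./makep7c; the relative
# paths below depend on the current directory.

set -u

readonly MISC_DIR=/usr/share/ssl/misc
readonly CERT_ROOT=/opt/certs

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

printf 'input username:'
IFS= read -r USERNAME

# USERNAME becomes part of file names and of the "rm -rf" target below.
# An empty value would expand that target to /opt/certs//* (every user's
# directory), and "/" or a leading "." or "-" would allow path traversal or
# option injection, so only a conservative character set is accepted.
case "$USERNAME" in
  '' | -* | .* | *[!A-Za-z0-9._-]*)
    die "invalid username: use letters, digits, '.', '_' and '-' only"
    ;;
esac

# Duplicate check left disabled, as in the original:
#if [ -f "bak/$USERNAME.pem" ] || grep -R -- "$USERNAME" demoCA/newcerts >/dev/null 2>&1; then
#  echo "$USERNAME's cert has already been made,revoke(openssl ca -revoke $USERNAME.pem) and delete it first"
#  exit 1
#fi

# -s keeps the pass phrases off the screen and out of terminal scrollback;
# -r stops backslashes in a pass phrase from being interpreted.
printf 'input password(length> 4):'
IFS= read -rs PASSWORD
printf '\n'

printf "input ca's password:"
IFS= read -rs CAPASS
printf '\n'

if [ -d bak ]; then
  echo "bak dir exist"
else
  mkdir bak || die "cannot create ./bak"
fi

# Archive output of earlier runs. The glob is tested first so that a type
# with no files does not hand the literal pattern to mv.
for ext in pem req key p12; do
  for old in "$MISC_DIR"/*."$ext"; do
    [ -e "$old" ] || continue
    mv -f -- "$old" bak/
  done
done

# NOTE: both pass phrases are handed to the helper as command-line arguments,
# so they are visible in the process list while it runs. The helper's calling
# convention is kept unchanged here; limit who can log in to this host.
"$MISC_DIR/auto" "$USERNAME" "$PASSWORD" "$CAPASS" \
  || die "certificate generation failed"
unset PASSWORD CAPASS

# Verify the bundle exists before wiping the published copy, so a failed run
# cannot leave the user without any certificate.
[ -f "$USERNAME.p12" ] || die "$USERNAME.p12 was not produced"

# make user dir
dest=$CERT_ROOT/$USERNAME
if [ -d "$dest" ]; then
  echo "ok"
else
  mkdir -p -- "$dest" || die "cannot create $dest"
fi

# ${dest:?} aborts instead of expanding to "/*" should dest ever be empty.
rm -rf -- "${dest:?}"/*

#cp $USERNAME.key $USERNAME.p12 $USERNAME.pem /edi/pss/cert/now/server/ -rf
# The .p12 contains the private key; its protection is the export pass phrase
# plus the permissions of $dest, which this script does not tighten.
cp -f -- "$USERNAME.p12" "$dest"/ || die "cannot copy $USERNAME.p12"

if [ -f SYSTEM01.p7c ]; then
  cp -f -- SYSTEM01.p7c "$dest"/
fi

if [ -f bak/SYSTEM01.p7c ]; then
  cp -f -- bak/SYSTEM01.p7c "$dest"/
fi

./makep7c "$USERNAME"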


shell two:

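#!/usr/bin/expect
#
# Answers the interactive prompts of three openssl steps for one user:
#   1. openssl req    - new key pair and certificate request ($user.key, $user.req)
#   2. openssl ca     - sign the request with the demoCA key    ($user.pem)
#   3. openssl pkcs12 - bundle key, certificate and CA cert      ($user.p12)
#
# Arguments: user name, pass phrase for the new key, CA key pass phrase.
#
# NOTE: the pass phrases arrive in argv and are therefore visible in the
# process list for as long as this script runs. The calling convention is
# kept so the existing caller keeps working.

if {$argc < 3} {
    send_user "usage: $argv0 user password ca-password\n"
    exit 2
}

set user   [lindex $argv 0]
set pass   [lindex $argv 1]
set capass [lindex $argv 2]

# $user is used in file names and on the openssl command lines, so refuse
# anything that could be read as an option or as a path.
if {![regexp {^[A-Za-z0-9_][A-Za-z0-9._-]*$} $user]} {
    send_user "invalid user name\n"
    exit 2
}

# Generous limit: key generation can take a while before the first prompt.
set timeout 60

# Wait for one prompt and type the reply. Without the timeout/eof branches a
# missed prompt would be ignored and the following answers would be sent to
# the wrong question.
proc answer {prompt reply} {
    expect \
        -ex $prompt { send -- "$reply\n" } \
        timeout { send_user "\ntimed out waiting for \"$prompt\"\n"; exit 1 } \
        eof { send_user "\nopenssl exited before \"$prompt\"\n"; exit 1 }
}

# Wait for the spawned command to end and stop if it reported an error.
proc finish {step} {
    expect \
        timeout { send_user "\n$step: timed out\n"; exit 1 } \
        eof
    set status [lindex [wait] 3]
    if {$status != 0} {
        send_user "\n$step failed (exit status $status)\n"
        exit 1
    }
}

# --- 1. key pair and request (what "./CA -newreq" would do) ---------------
spawn openssl req -new -keyout $user.key -out $user.req
answer "Enter PEM pass phrase:" $pass
answer "Verifying - Enter PEM pass phrase:" $pass

# Distinguished-name prompts, in the order openssl req asks them.
answer "\]:" "JP"
answer "\]:" ""
answer "\]:" ""
answer "\]:" "WAVE"
answer "\]:" "WAVE Center"
answer "\]:" $user
answer "\]:" "$user@linux3.niis.com.cn"

# Assuming the stock req_attributes section, the last two prompts are
# "A challenge password" and "An optional company name". Both values are
# written into the .req file in clear text, so the key pass phrase must not
# be typed here (the earlier version did); an empty reply skips them.
answer "\]:" ""
answer "\]:" ""
finish "openssl req"

# --- 2. sign the request (what "./CA -sign" would do) ----------------------
spawn openssl ca -policy policy_anything -out $user.pem -infiles $user.req
answer "cakey.pem:" $capass
answer "y/n\]:" "y"
answer "/n\]" "y"
finish "openssl ca"

# --- 3. PKCS#12 bundle -----------------------------------------------------
# env: keeps the pass phrase out of the openssl command line. The variable is
# set only for this step so the earlier children never inherit it.
set env(P12_PASS) $pass
spawn openssl pkcs12 -export -in $user.pem -inkey $user.key -out $user.p12 \
    -passin env:P12_PASS -passout env:P12_PASS -certfile demoCA/cacert.pem
finish "openssl pkcs12"
unset env(P12_PASS)

exit 0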


shell three:

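#!/bin/bash
#
# Bundle <username>.pem together with the CA certificate into a DER-encoded,
# certificate-only PKCS#7 file named <username>.p7c.
#
# Arguments: $1 - user name (base name of the .pem file)
# Returns:   0 when <username>.p7c was written, 1 otherwise
#
# Run from the directory that holds <username>.pem and demoCA/cacert.pem.

if [ -z "${1:-}" ]; then
  echo "Please input username as arg0"
  exit 1
fi

# Deliberately not called USER: assigning to that name would replace the
# login-name variable that is normally exported to openssl and other children.
name=$1

# The name is used to build file paths; refuse options and path components.
case "$name" in
  -* | .* | *[!A-Za-z0-9._-]*)
    echo "invalid username" >&2
    exit 1
    ;;
esac

if [ -f "./$name.pem" ]; then
  echo "ok,$name's pem exist"
else
  echo "$name's pem file not exit!!!"
  # A missing input is a failure; the earlier version exited 0 here, which
  # hid the error from whatever called this script.
  exit 1
fi

# mktemp instead of the fixed name tmp<username>.pem: a predictable file name
# in a shared directory can be pre-created or symlinked by another user. The
# file holds certificates only and is removed on every exit path.
tmp=$(mktemp "./tmp$name.XXXXXX") || {
  echo "error occur"
  exit 1
}
trap 'rm -f -- "$tmp"' EXIT

if ! cat -- "$name.pem" demoCA/cacert.pem >"$tmp"; then
  echo "error occur"
  exit 1
fi

# Judge success by openssl's exit status and a non-empty result; testing only
# for the file's existence would accept a stale .p7c left by an earlier run.
if openssl crl2pkcs7 -certfile "$tmp" -nocrl -out "$name.p7c" -outform DER \
  && [ -s "$name.p7c" ]; then
  echo "OK,$name.p7c made"
else
  echo "error occur"
  exit 1
fi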
