Generating a Complete Set of Certificates Automatically with a Shell Script

张俭, posted 2023/12/29 17:08:55
#!/usr/bin/expect
# The pass phrases sent below (Password1, Password2, ...) are hard-coded sample
# values: anyone who can read this file can decrypt the keys, so change them and
# restrict the file's permissions outside a test setup.
# Prompt strings are matched literally and differ between OpenSSL versions; on a
# mismatch, expect waits for its timeout (10 s by default) and then sends anyway.

# Generate the CA private key
spawn openssl genrsa -aes256 -out ca.key.pem 2048
expect "Enter pass phrase for ca.key.pem:"
send "Password1\r"
expect "Verifying - Enter pass phrase for ca.key.pem:"
send "Password1\r"
expect eof

# Create the CA certificate signing request
spawn openssl req -new -key ca.key.pem -out ca.csr -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=*.iot.org"
expect "Enter pass phrase for ca.key.pem:"
send "Password1\r"
expect eof

# Self-sign the CA certificate
# -sha1 (here and in the server signing step) produces SHA-1 certificate
# signatures, which are deprecated and rejected by current browsers and many
# TLS stacks; -sha256 is the usual replacement.
spawn openssl x509 -req -days 360 -sha1 -extensions v3_ca -signkey ca.key.pem -in ca.csr -out ca.cer
expect "Enter pass phrase for ca.key.pem:"
send "Password1\r"
expect eof

# Convert the root certificate to PKCS#12
spawn openssl pkcs12 -export -cacerts -inkey ca.key.pem -in ca.cer -out ca.p12
expect "Enter pass phrase for ca.key.pem:"
send "Password1\r"
expect "Enter Export Password:"
send "Password2\r"
expect "Verifying - Enter Export Password:"
send "Password2\r"
expect eof

# Build the server certificate: generate the server private key
spawn openssl genrsa -aes256 -out server.key.pem 2048
expect "Enter pass phrase for server.key.pem:"
send "Password3\r"
expect "Verifying - Enter pass phrase for server.key.pem:"
send "Password3\r"
expect eof

# Generate the server certificate signing request
spawn openssl req -new -key server.key.pem -out server.csr -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=www.iot.org"
expect "Enter pass phrase for server.key.pem:"
send "Password3\r"
expect eof

# Sign the server certificate with the CA
spawn openssl x509 -req -days 360 -sha1 -extensions v3_req -CA ca.cer -CAkey ca.key.pem -CAserial ca.srl -CAcreateserial -in server.csr -out server.cer
expect "Enter pass phrase for ca.key.pem:"
send "Password1\r"
expect eof

# Convert the server certificate to PKCS#12
spawn openssl pkcs12 -export -clcerts -inkey server.key.pem -in server.cer -out server.p12
expect "Enter pass phrase for server.key.pem:"
send "Password3\r"
expect "Enter Export Password:"
send "Export_server\r"
expect "Verifying - Enter Export Password:"
send "Export_server\r"
expect eof

# Create the client private key
spawn openssl genrsa -aes256 -out client.key.pem 2048
expect "Enter pass phrase for client.key.pem:"
send "client_key\r"
expect "Verifying - Enter pass phrase for client.key.pem:"
send "client_key\r"
expect eof

# Create the client certificate signing request
spawn openssl req -new -key client.key.pem -out client.csr -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=iot"
expect "Enter pass phrase for client.key.pem:"
send "client_key\r"
expect eof

# Issue the client certificate
# openssl ca uses the CA database configured in the [ CA_default ] section of
# openssl.cnf (index.txt, serial, new_certs_dir); those files must exist first.
spawn openssl ca -days 360 -in client.csr -out client.cer -cert ca.cer -keyfile ca.key.pem
expect "Enter pass phrase for ca.key.pem:"
send "Password1\r"
expect "Sign the certificate"
send "y\r"
expect "1 out of 1 certificate requests certified, commit"
send "y\r"
expect eof

Make the file executable, then run it directly with ./
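Once the script has finished, the certificates it wrote can be checked before they are deployed. The following is an added example, not part of the original post: it verifies that a certificate chains to the CA and flags SHA-1 signatures. The function names and the throwaway demo PKI are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks for the ca.cer / server.cer / client.cer files.
# Function names and the throwaway demo PKI are assumptions for illustration.

# Print a certificate's signature algorithm, e.g. sha256WithRSAEncryption.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Signature Algorithm:/{s/^.*: *//p;q;}'
}

# Return 0 if leaf $2 verifies against CA $1; 2 if either certificate is
# signed with SHA-1; 1 if the chain does not verify.
check_pair() {
    ca=$1; leaf=$2
    for c in "$ca" "$leaf"; do
        case $(sig_alg "$c") in
            *[Ss][Hh][Aa]1*) echo "WEAK: $c is signed with SHA-1"; return 2 ;;
        esac
    done
    if openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
        echo "OK: $leaf chains to $ca"
    else
        echo "FAIL: $leaf does not verify against $ca"; return 1
    fi
}

# Build a constructed one-day CA and leaf in directory $1 (unencrypted keys,
# demo only) so the check can be exercised without the real files.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=demo-ca" -keyout "$d/ca.key.pem" -out "$d/ca.cer" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-leaf" \
        -keyout "$d/leaf.key.pem" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -days 1 -CA "$d/ca.cer" -CAkey "$d/ca.key.pem" \
        -CAcreateserial -in "$d/leaf.csr" -out "$d/leaf.cer" 2>/dev/null
}

if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
else
    tmp=$(mktemp -d) && make_demo_pki "$tmp" && check_pair "$tmp/ca.cer" "$tmp/leaf.cer"
    rm -rf "$tmp"
fi
```

Saved under a hypothetical name such as check_certs.sh, it is run as `sh check_certs.sh ca.cer server.cer`; certificates signed with `-sha1`, as in the script above, are reported as WEAK.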
