Shell脚本自动生成整套证书

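#!/usr/bin/expect
# Drives the openssl command line to build a small demo PKI in the current
# directory: a self-signed root (ca.key.pem, ca.csr, ca.cer, ca.p12), a server
# certificate signed by it (server.*) and a client certificate issued with
# `openssl ca` (client.*).
#
# Passphrases are taken from the environment (CA_KEY_PASS, CA_P12_PASS,
# SERVER_KEY_PASS, SERVER_P12_PASS, CLIENT_KEY_PASS). When a variable is not
# set the script falls back to the sample value it has always used and says so
# on stderr; those sample values are published with the script and protect
# nothing.
#
# Changes from the earlier revision: certificates are signed with SHA-256
# instead of SHA-1, the server-CSR prompt no longer carries a stray second
# colon, the two `openssl ca` confirmations are terminated with a carriage
# return, and every step waits for openssl to exit and checks its status
# instead of handing the terminal over with `interact`.

# Return the passphrase held in environment variable `var`, or `fallback`
# (with a warning on stderr) when the variable is unset or empty.
proc secret {var fallback} {
    global env
    if {[info exists env($var)] && $env($var) ne ""} {
        return $env($var)
    }
    puts stderr "warning: $var is not set; using the sample passphrase built into this script"
    return $fallback
}

# Wait for the most recently spawned openssl process to exit and abort the
# whole run if it hangs or reports a non-zero status. Later steps read the
# files written by earlier ones, so continuing after a failure would package
# stale or missing material.
proc finish {step} {
    global spawn_id
    expect {
        -timeout 60
        eof {}
        timeout {
            puts stderr "error: $step did not finish within 60 seconds"
            exit 1
        }
    }
    # wait returns {pid spawn_id os_error_flag value}; both trailing fields
    # are 0 for a clean exit.
    set result [wait]
    if {[lindex $result 2] != 0 || [lindex $result 3] != 0} {
        puts stderr "error: $step failed (wait returned: $result)"
        exit 1
    }
}

set ca_key_pass     [secret CA_KEY_PASS     "Password1"]
set ca_p12_pass     [secret CA_P12_PASS     "Password2"]
set server_key_pass [secret SERVER_KEY_PASS "Password3"]
set server_p12_pass [secret SERVER_P12_PASS "Export_server"]
set client_key_pass [secret CLIENT_KEY_PASS "client_key"]

# Root CA private key, AES-256 encrypted under the CA passphrase.
spawn openssl genrsa -aes256 -out ca.key.pem 2048
expect "Enter pass phrase for ca.key.pem:"
send -- "$ca_key_pass\r"
expect "Verifying - Enter pass phrase for ca.key.pem:"
send -- "$ca_key_pass\r"
finish "root key generation"

# Root CA certificate signing request.
spawn openssl req -new -key ca.key.pem -out ca.csr -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=*.iot.org"
expect "Enter pass phrase for ca.key.pem:"
send -- "$ca_key_pass\r"
finish "root CSR"

# Self-sign the root certificate.
# NOTE(review): openssl x509 reads -extensions sections from the file given
# with -extfile; none is given here, so v3_ca is probably not applied and
# ca.cer may lack basicConstraints CA:TRUE. Check the result with
# `openssl x509 -in ca.cer -noout -text`.
spawn openssl x509 -req -days 360 -sha256 -extensions v3_ca -signkey ca.key.pem -in ca.csr -out ca.cer
expect "Enter pass phrase for ca.key.pem:"
send -- "$ca_key_pass\r"
finish "root self-signing"

# Convert the root certificate and key to PKCS#12.
# The resulting ca.p12 contains the CA private key; store it as carefully as
# ca.key.pem itself.
spawn openssl pkcs12 -export -cacerts -inkey ca.key.pem -in ca.cer -out ca.p12
expect "Enter pass phrase for ca.key.pem:"
send -- "$ca_key_pass\r"
expect "Enter Export Password:"
send -- "$ca_p12_pass\r"
expect "Verifying - Enter Export Password:"
send -- "$ca_p12_pass\r"
finish "root PKCS#12 export"

# Server private key.
spawn openssl genrsa -aes256 -out server.key.pem 2048
expect "Enter pass phrase for server.key.pem:"
send -- "$server_key_pass\r"
expect "Verifying - Enter pass phrase for server.key.pem:"
send -- "$server_key_pass\r"
finish "server key generation"

# Server certificate signing request.
# NOTE(review): no subjectAltName is requested; clients that ignore CN when
# checking host names will reject server.cer - confirm against the intended
# clients.
spawn openssl req -new -key server.key.pem -out server.csr -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=www.iot.org"
# The earlier pattern ended in "::", which never matched and only let the
# step proceed after the default expect timeout.
expect "Enter pass phrase for server.key.pem:"
send -- "$server_key_pass\r"
finish "server CSR"

# Sign the server certificate with the root CA (same -extfile caveat as for
# the root certificate applies to v3_req).
spawn openssl x509 -req -days 360 -sha256 -extensions v3_req -CA ca.cer -CAkey ca.key.pem -CAserial ca.srl -CAcreateserial -in server.csr -out server.cer
expect "Enter pass phrase for ca.key.pem:"
send -- "$ca_key_pass\r"
finish "server certificate signing"

# Convert the server certificate and key to PKCS#12.
spawn openssl pkcs12 -export -clcerts -inkey server.key.pem -in server.cer -out server.p12
expect "Enter pass phrase for server.key.pem:"
send -- "$server_key_pass\r"
expect "Enter Export Password:"
send -- "$server_p12_pass\r"
expect "Verifying - Enter Export Password:"
send -- "$server_p12_pass\r"
finish "server PKCS#12 export"

# Client private key.
spawn openssl genrsa -aes256 -out client.key.pem 2048
expect "Enter pass phrase for client.key.pem:"
send -- "$client_key_pass\r"
expect "Verifying - Enter pass phrase for client.key.pem:"
send -- "$client_key_pass\r"
finish "client key generation"

# Client certificate signing request.
spawn openssl req -new -key client.key.pem -out client.csr -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=iot"
expect "Enter pass phrase for client.key.pem:"
send -- "$client_key_pass\r"
finish "client CSR"

# Issue the client certificate.
# NOTE(review): `openssl ca` depends on the CA database layout and default
# digest named in the active openssl configuration, which this page does not
# show - confirm both before relying on client.cer.
spawn openssl ca -days 360 -in client.csr -out client.cer -cert ca.cer -keyfile ca.key.pem
expect "Enter pass phrase for ca.key.pem:"
send -- "$ca_key_pass\r"
expect "Sign the certificat"
# Both confirmations are read as whole lines, so each answer needs its own
# carriage return.
send "y\r"
expect "1 out of 1 certificate requests certified, commit"
send "Y\r"
finish "client certificate issuance"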

给该文件加上可执行权限(chmod +x)后,直接用 ./ 运行即可。脚本中写入的口令只是示例值,正式使用前应换成自己的口令。
