expect script to create and sign a new OpenSSL cert/key pair
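#!/usr/bin/expect -f
#
# creates a new key/cert pair with openssl and signs it with a local CA
#
# expects /etc/ssl/openssl.cnf to provide correct defaults to everything
# except the CN. Easily modifiable to handle more parameters.
#
# usage: ./newcert.key CN [capass]
#
# * CN: the name of your website, eg example.com
# * capass: the password of your CA key. A password given on the command
#   line is readable by every local user through the process list and is
#   kept in the shell history; prefer exporting it as CA_PASS, which is
#   used whenever the second argument is omitted.
#
# output: newkey.nopass.pem (password-less), newcert.pem
#
# CA.pl also leaves newkey.pem behind, protected only by the throw-away
# pass phrase below; remove it once newkey.nopass.pem has been installed.

# Never give up waiting for a prompt.
set timeout -1

# Throw-away pass phrase for the intermediate newkey.pem; it is stripped
# again in the last step, so its strength does not matter.
set tmppass "abcd"

if {[llength $argv] < 1} {
    puts stderr "usage: $argv0 CN \[capass\]  (or export CA_PASS)"
    exit 1
}
set name [lindex $argv 0]

# CA pass phrase: second argument (original interface) or CA_PASS env var.
if {[llength $argv] >= 2} {
    set pass [lindex $argv 1]
} elseif {[info exists env(CA_PASS)]} {
    set pass $env(CA_PASS)
} else {
    puts stderr "CA pass phrase missing: give it as second argument or export CA_PASS"
    exit 1
}

# Wait for the current spawned process to exit and stop if it failed, so a
# broken request is never fed to the signing step and a failed signing
# step does not end with a stale or missing newcert.pem.
proc finish {what} {
    global spawn_id
    expect eof
    set result [wait]
    set oserr [lindex $result 2]
    set status [lindex $result 3]
    if {$oserr != 0 || $status != 0} {
        puts stderr "$what failed (status $status)"
        exit 1
    }
}

# Step 1: new key + certificate request; everything but the CN takes the
# openssl.cnf default.
spawn /usr/lib/ssl/misc/CA.pl -newreq
expect {Enter PEM pass phrase:} {send "$tmppass\n"}
expect {Verifying - Enter PEM pass phrase:} {send "$tmppass\n"}
expect -re {Country Name \(2 letter code\) [^:]*:} {send "\n"}
expect -re {State or Province Name \(full name\) [^:]*:} {send "\n"}
expect -re {Locality Name \(eg, city\) [^:]*:} {send "\n"}
expect -re {Organization Name \(eg, company\) [^:]*:} {send "\n"}
expect -re {Organizational Unit Name \(eg, section\) [^:]*:} {send "\n"}
expect -re {Common Name \(e.g. server FQDN or YOUR name\) [^:]*:} {send "${name}\n"}
expect -re {Email Address [^:]*:} {send "\n"}
expect -re {A challenge password [^:]*:} {send "\n"}
expect -re {An optional company name [^:]*:} {send "\n"}
finish "CA.pl -newreq"

# Step 2: sign the request with the local CA.
spawn /usr/lib/ssl/misc/CA.pl -sign
expect {Enter pass phrase for /etc/ssl/ca/private/cakey.pem:} {send "$pass\n"}
expect {Sign the certificate? \[y/n\]:} {send "y\n"}
expect {1 out of 1 certificate requests certified, commit? \[y/n\]} {send "y\n"}
finish "CA.pl -sign"

# Step 3: write a pass-phrase-less copy of the key for the web server.
spawn openssl rsa -in newkey.pem -out newkey.nopass.pem
expect "Enter pass phrase for newkey.pem:" {send "$tmppass\n"}
finish "openssl rsa"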