Skip to content

Instantly share code, notes, and snippets.

Created September 12, 2015 21:13
What would you like to do?
expect script to create and sign a new OpenSSL cert/key pair
#!/usr/bin/expect -f
# creates a new key/cert pair with openssl and signs it with a local CA
# expects /etc/ssl/openssl.cnf to provide correct defaults to everything
# except the CN. Easily modifyable to handle more parameters.
# usage: ./newcert.key CN capass
# * CN: the name of your website, eg
# * capass: the password of your CA key
# output: newkey.nopass.pem (password-less), newcert.pem
set timeout -1
set name [lindex $argv 0];
set pass [lindex $argv 1];
spawn /usr/lib/ssl/misc/ -newreq
expect {Enter PEM pass phrase:} {send "abcd\n"}
expect {Verifying - Enter PEM pass phrase:} {send "abcd\n"}
expect -re {Country Name \(2 letter code\) [^:]*:} {send "\n"}
expect -re {State or Province Name \(full name\) [^:]*:} {send "\n"}
expect -re {Locality Name \(eg, city\) [^:]*:} {send "\n"}
expect -re {Organization Name \(eg, company\) [^:]*:} {send "\n"}
expect -re {Organizational Unit Name \(eg, section\) [^:]*:} {send "\n"}
expect -re {Common Name \(e.g. server FQDN or YOUR name\) [^:]*:} {send "${name}\n"}
expect -re {Email Address [^:]*:} {send "\n"}
expect -re {A challenge password [^:]*:} {send "\n"}
expect -re {An optional company name [^:]*:} {send "\n"}
expect eof
spawn /usr/lib/ssl/misc/ -sign
expect {Enter pass phrase for /etc/ssl/ca/private/cakey.pem:} {send "$pass\n"}
expect {Sign the certificate? \[y/n\]:} {send "y\n"}
expect {1 out of 1 certificate requests certified, commit? \[y/n\]} {send "y\n"}
expect eof
spawn openssl rsa -in newkey.pem -out newkey.nopass.pem
expect "Enter pass phrase for newkey.pem:" {send "abcd\n"}
expect eof
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment