expect script to create and sign a new OpenSSL cert/key pair

newcert.expect

#!/usr/bin/expect -f
#
# creates a new key/cert pair with openssl and signs it with a local CA
#
# expects /etc/ssl/openssl.cnf to provide correct defaults to everything
# except the CN. Easily modifyable to handle more parameters.
#
# usage: ./newcert.key CN capass
#
#  * CN: the name of your website, eg example.com
#  * capass: the password of your CA key
#
# output: newkey.nopass.pem (password-less), newcert.pem

set timeout -1

set name [lindex $argv 0];
set pass [lindex $argv 1];

spawn /usr/lib/ssl/misc/CA.pl -newreq
expect {Enter PEM pass phrase:} {send "abcd\n"}
expect {Verifying - Enter PEM pass phrase:} {send "abcd\n"}
expect -re {Country Name \(2 letter code\) [^:]*:} {send "\n"}
expect -re {State or Province Name \(full name\) [^:]*:} {send "\n"}
expect -re {Locality Name \(eg, city\) [^:]*:} {send "\n"}
expect -re {Organization Name \(eg, company\) [^:]*:} {send "\n"}
expect -re {Organizational Unit Name \(eg, section\) [^:]*:} {send "\n"}
expect -re {Common Name \(e.g. server FQDN or YOUR name\) [^:]*:} {send "${name}\n"}
expect -re {Email Address [^:]*:} {send "\n"}
expect -re {A challenge password [^:]*:} {send "\n"}
expect -re {An optional company name [^:]*:} {send "\n"}
expect eof

spawn /usr/lib/ssl/misc/CA.pl -sign
expect {Enter pass phrase for /etc/ssl/ca/private/cakey.pem:} {send "$pass\n"}
expect {Sign the certificate? \[y/n\]:} {send "y\n"}
expect {1 out of 1 certificate requests certified, commit? \[y/n\]} {send "y\n"}
expect eof

spawn openssl rsa -in newkey.pem -out newkey.nopass.pem
expect "Enter pass phrase for newkey.pem:" {send "abcd\n"}
expect eof