#!/bin/bash
# aeiocsr.bash
#http://pastebin.com/TaGAVJKw
#
# Script to auto-enroll an OS X 10.5 system via an AD CA's web enrollment.
#
# v. .2
# 6/3/08 - The birth of a script during a very stormy night. - Joel Rennich, mactroll@afp548.com
# Note: All in bash to make Nigel cry
# What we need to get
# Constants
DOMAIN_NAME="jodapro.com"
CA_URL="http://jodapro2k3.jodapro.com/certsrv"
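## Use a private mktemp directory so the unencrypted key is not written to a predictable, shared /tmp path.
umask 077
WORKDIR=`mktemp -d /tmp/aeiocsr.XXXXXX` || exit 1
KEY="${WORKDIR}/test.key"
CSR="${WORKDIR}/test.csr"
CRT="${WORKDIR}/test.crt"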
# Dynamics
MACHINE_NAME="pinky"
## 1 - gen csr with openssl
openssl req -new -batch -newkey rsa:2048 -nodes -keyout "${KEY}" -out "${CSR}" -subj "/CN=${MACHINE_NAME}.${DOMAIN_NAME}"
## 2 - get tgt
# The trailing $ is literal: the principal is the machine account, e.g. pinky$
kinit -k "${MACHINE_NAME}\$"
## 3 - curl the csr up
# First we do some really really ugly-looking awk work to url-encode the csr
# Later versions of curl do this for us... but we don't have that luxury.
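# hexdump emits one "hex<TAB>char" pair per byte; awk maps space to +,
# passes safe characters through and percent-encodes everything else.
ENCODED_CSR=$(hexdump -v -e '1/1 "%02x\t"' -e '1/1 "%_c\n"' "${CSR}" |
LANG=C awk '
$1 == "20" { printf("%s", "+"); next }
$2 ~ /^[a-zA-Z0-9.*()\/-]$/ { printf("%s", $2); next }
{ printf("%%%s", $1) }')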
# Now to post this to the Web Enrollment page.
# We'll need to capture the ReqID when it finishes
REQ_ID=$(curl --negotiate -u : -d "CertRequest=${ENCODED_CSR}" -d SaveCert=yes -d Mode=newreq -d CertAttrib=CertificateTemplate:ComputerCerts "${CA_URL}/certfnsh.asp" | sed -e '/.*location="certnew.cer?ReqID=/ !d' -e 's/.*ID=//' -e 's/&.*//')
## Get the cert
# Quote the URL: an unquoted & would background curl and drop Enc=b64 from the request.
curl -o "${CRT}" --negotiate -u : "${CA_URL}/certnew.cer?ReqID=${REQ_ID}&Enc=b64"
## import the certs
##security
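
The script stops before the import step. One check to run on ${CRT} before importing it, as an added example that is not part of the original script: confirm the download is a certificate, that it carries the public key of ${KEY}, that it has not expired, and that its CN is the requested name. `verify_issued_cert` and `make_sample_pair` are hypothetical names, and the sample pair is a constructed self-signed certificate standing in for the CA's response.

```shell
#!/bin/bash
# Added example, not part of aeiocsr.bash; both function names are hypothetical.

# Returns 0 ok, 1 not a PEM certificate, 2 key mismatch, 3 expired, 4 CN mismatch.
verify_issued_cert() {
    local key="$1" crt="$2" fqdn="$3" key_mod crt_mod cn

    # A failed request leaves something other than a certificate on disk.
    openssl x509 -noout -in "$crt" >/dev/null 2>&1 || return 1

    # The certificate must carry the public key of the key we generated.
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)
    crt_mod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null)
    [ -n "$key_mod" ] && [ "$key_mod" = "$crt_mod" ] || return 2

    # -checkend 0 fails when notAfter is already in the past.
    openssl x509 -noout -checkend 0 -in "$crt" >/dev/null 2>&1 || return 3

    # The first CN in the subject must be the name we asked for.
    cn=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$crt" |
         sed -e 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    [ "$cn" = "$fqdn" ] || return 4
    return 0
}

# Constructed stand-in for a CA response: a self-signed certificate for CN=$2,
# written to $1.key and $1.crt.
make_sample_pair() {
    openssl req -x509 -new -batch -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1.crt" -subj "/CN=$2" 2>/dev/null
}

# Demo on constructed input.
demo_dir=$(mktemp -d)
make_sample_pair "${demo_dir}/good" "pinky.jodapro.com"
verify_issued_cert "${demo_dir}/good.key" "${demo_dir}/good.crt" "pinky.jodapro.com" \
    && echo "certificate matches key and requested name"
rm -rf "${demo_dir}"
```

In the script above the call would be `verify_issued_cert "${KEY}" "${CRT}" "${MACHINE_NAME}.${DOMAIN_NAME}" || exit 1`, placed before the import.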