#!/bin/bash
#
#********************************************************************
#Author: Ma Xue Bin
#QQ: 316428921
#Date: 2019-06-22
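#######################################
# Request a certificate for the client: log in to the client host over SSH,
# create an RSA key and a CSR under /data there, then copy the CSR to the
# CA host with scp.
# Globals (read):
#   user - login name used for both ssh and scp
#   ip   - client host, IP - CA host (the two names differ only by case)
#   key  - private-key file name, csr - CSR file name
# Returns: exit status of the expect session.
#
# NOTE(security): the shortcuts below are only acceptable in a throwaway lab.
#   - The root password is hard-coded and reused for both hosts; key-based
#     SSH authentication with an unprivileged account avoids storing it.
#   - Answering "yes" to the host-key prompt trusts whatever key the peer
#     presents on first contact; pre-populating known_hosts avoids that.
#######################################
client() {
  # Placeholder address: the one on the page was replaced by
  # "[email protected]" by e-mail obfuscation and cannot be recovered.
  local -r email='admin@example.com'
  local -r subject="/C=CN/ST=beijing/L=beijing/O=magedu/OU=devops/CN=www.magedu.com/emailAddress=${email}"

  # expect runs on this host and answers the remote prompts, so it is only
  # installed here and nothing extra is installed on the client.
  rpm -q expect &> /dev/null || yum install expect -y

  # The here-document is unquoted on purpose: the shell fills in $user, $ip,
  # $IP, $key, $csr and $subject before expect reads the script.
  # The login and the scp target are rebuilt from $user and the host
  # variables because the page showed them mangled ("[email protected]").
  # 2048-bit key: 1024-bit RSA is no longer considered adequate.
  # -key (not -in): the request has to be built from the key generated on
  # the previous line; -subj supplies the subject without prompting.
  expect <<EOF
set timeout 10
spawn ssh $user@$ip
expect {
  "yes/no" { send "yes\n"; exp_continue }
  "password" { send "centos\n" }
}
expect "]#" { send "(umask 077; openssl genrsa -out /data/$key 2048)\n" }
expect "]#" { send "openssl req -new -key /data/$key -out /data/$csr -subj '$subject'\n" }
expect "]#" { send "scp /data/$csr $user@$IP:/data/\n" }
expect {
  "yes/no" { send "yes\n"; exp_continue }
  "password" { send "centos\n" }
}
expect "#" { send "exit\n" }
expect eof
EOF
}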
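#######################################
# Build a self-signed CA on this host: a 4096-bit RSA key, a certificate
# valid for 3650 days, and the index.txt / serial files "openssl ca" needs.
# Globals: none
# Returns: non-zero if key or certificate generation fails.
#
# NOTE(review): running this again overwrites the existing CA key and
# certificate, which orphans every certificate issued so far.
#######################################
MKCA() {
  local -r ca_dir=/etc/pki/CA
  # Placeholder address: the one on the page was replaced by
  # "[email protected]" by e-mail obfuscation and cannot be recovered.
  local -r email='ca-admin@example.com'
  local -r subject="/C=CN/ST=beijing/L=beijing/O=magedu/OU=devops/CN=ca.magedu.com/emailAddress=${email}"

  # expect is not needed by this function; the install is kept because other
  # menu actions in this script may rely on it being present.
  rpm -q expect &> /dev/null || yum install expect -y

  # umask 077 in a subshell so only the owner can read the CA private key.
  (umask 077; openssl genrsa -out "${ca_dir}/private/cakey.pem" 4096) || return

  # -subj supplies the subject directly instead of answering prompts.
  openssl req -new -x509 \
    -key "${ca_dir}/private/cakey.pem" \
    -out "${ca_dir}/cacert.pem" \
    -days 3650 \
    -subj "$subject" || return

  [ -f "${ca_dir}/index.txt" ] || touch "${ca_dir}/index.txt"
  # The space before '>' matters: "echo 01> file" is parsed as a redirection
  # of file descriptor 1 and writes an empty line instead of the serial "01".
  [ -f "${ca_dir}/serial" ] || echo 01 > "${ca_dir}/serial"
}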
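#######################################
# Sign the client's CSR with the local CA; the certificate is valid for
# 100 days and is named after the CSR (App.csr -> App.crt).
# Globals (read): csr - CSR file name, looked up under /data
# Returns: 1 if the CSR is missing, otherwise the status of "openssl ca".
#
# NOTE(security): -batch signs without asking for confirmation. The CSR
# arrives from another host, so outside a lab inspect it first, e.g. with
# "openssl req -in FILE -noout -subject", before signing.
#######################################
certificate() {
  local -r csr_path="/data/${csr}"
  # Name up to the first dot, e.g. "App" for "App.csr".
  local -r cert_path="/etc/pki/CA/certs/${csr%%.*}.crt"

  if [ ! -f "$csr_path" ]; then
    printf 'certificate: no CSR at %s, nothing signed\n' "$csr_path" >&2
    return 1
  fi

  openssl ca -batch -in "$csr_path" -out "$cert_path" -days 100
}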
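# Settings shared by the functions above.
# NOTE(review): "ip" and "IP" differ only by case, which is easy to mix up.
user=root         # login name; presumably the account used for ssh and scp
ip=192.168.1.110  # client host that client() logs in to
IP=192.168.1.108  # CA host that receives the CSR
key=App.key       # private-key file name under /data on the client
csr=App.csr       # CSR file name under /data

# Menu loop. The entries read: 1 build the CA, 2 sign the certificate,
# 3 request a certificate for the client, 4 do all of it in one go, 5 quit.
while true; do
  cat <<EOF
1 自建 CA
2 签署证书
3 为客户端申请证书
4 自动化自建 CA 并让客户端申请证书并签证
5 退出
EOF
  # -r keeps backslashes literal; leave the loop when stdin is closed,
  # otherwise the menu would be reprinted forever.
  read -r -p "plese input number:" number || exit 0
  case "$number" in
    1)
      MKCA
      ;;
    2)
      certificate
      ;;
    3)
      client
      ;;
    4)
      # The client produces and uploads the CSR first, then the CA is
      # built and the CSR is signed.
      client
      MKCA
      certificate
      ;;
    5)
      exit
      ;;
    *)
      echo "please input a valid arguments"
      ;;
  esac
done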
来源: http://www.bubuko.com/infodetail-3100993.html