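#!/bin/bash
#
#********************************************************************
#Author:       Bin Xue Ma
#QQ:           316428921
#Date:         2019-06-22
#Description:  Menu-driven helper for a private CA kept in /etc/pki/CA:
#              build the CA, have a client host create a key and CSR and
#              copy the CSR to /data on the CA host, then sign that CSR.
#********************************************************************
#
# Review notes:
#  - The SSH password is no longer embedded in the script. It is taken from
#    the CA_SSH_PASSWORD environment variable or prompted for, and reaches
#    expect through the environment instead of being written into the
#    generated expect script.
#  - The CSR is now built from the key that was just generated
#    ("openssl req -key"). The earlier "-in" form made openssl create a
#    second, passphrase-protected key, so the CSR did not match /data/$key.
#  - Subject fields are passed with -subj and signing uses -batch, replacing
#    the chains of 'expect ":"' that silently desynchronised on a timeout.
#  - Client keys are 2048-bit RSA instead of 1024-bit.

user=root
# NOTE(review): the source assigns two addresses to names that differ only in
# case. The first is taken to be the ssh target (client) and the second the
# scp target (CA host) -- confirm against the real environment.
client_ip=192.168.1.110
ca_ip=192.168.1.108
key=app.key
csr=app.csr
key_bits=2048
# Placeholders: both e-mail addresses are redacted in the source.
cert_email='admin@example.invalid'
ca_email='admin@example.invalid'

#######################################
# Log in to the client host, generate a private key and a CSR under /data,
# and copy the CSR to /data on the CA host.
# Globals:   user, client_ip, ca_ip, key, csr, key_bits, cert_email (read)
#            CA_SSH_PASSWORD (read; prompted for when unset or empty)
# Returns:   exit status of expect (1 when a prompt never appeared)
#######################################
client() {
  local ssh_password=${CA_SSH_PASSWORD:-}
  local subject="/C=CN/ST=beijing/L=beijing/O=magedu/OU=devops/CN=www.magedu.com/emailAddress=${cert_email}"

  rpm -q expect &>/dev/null || yum install -y expect || return

  if [[ -z "$ssh_password" ]]; then
    read -r -s -p "root password for the client and CA hosts: " ssh_password || return
    echo
  fi

  # NOTE(review): answering "yes" to the host-key question accepts whatever
  # key the peer presents on first contact. Pre-populating known_hosts with
  # verified keys (or switching to key-based login) removes that gap.
  # The same password is used for both hosts, as in the original script.
  CA_SSH_PASSWORD="$ssh_password" expect <<EOF
set timeout 10
spawn ssh ${user}@${client_ip}
expect {
  "yes/no"   { send "yes\n"; exp_continue }
  "password" { send "\$env(CA_SSH_PASSWORD)\n" }
  timeout    { puts stderr "client: no login prompt from ${client_ip}"; exit 1 }
  eof        { puts stderr "client: ssh to ${client_ip} ended early"; exit 1 }
}
expect {
  "]#"    { send "(umask 077; openssl genrsa -out /data/${key} ${key_bits})\n" }
  timeout { puts stderr "client: no shell prompt after login"; exit 1 }
}
expect {
  "]#"    { send "openssl req -new -key /data/${key} -out /data/${csr} -subj '${subject}'\n" }
  timeout { puts stderr "client: key generation did not finish"; exit 1 }
}
expect {
  "~]#"   { send "scp /data/${csr} root@${ca_ip}:/data/\n" }
  timeout { puts stderr "client: CSR generation did not finish"; exit 1 }
}
expect {
  "yes/no"   { send "yes\n"; exp_continue }
  "password" { send "\$env(CA_SSH_PASSWORD)\n" }
  timeout    { puts stderr "client: no scp prompt for ${ca_ip}"; exit 1 }
}
expect {
  "#"     { send "exit\n" }
  timeout { puts stderr "client: scp did not finish"; exit 1 }
}
expect eof
EOF
}

#######################################
# Build a self-signed CA on this host: a 4096-bit key, a certificate valid
# for 3650 days, and the index.txt / serial files if they are missing.
# NOTE(review): an existing cakey.pem is overwritten, as in the original;
# certificates issued under the previous key stop validating after a re-run.
# Globals:   ca_email (read)
# Returns:   non-zero if key or certificate generation fails
#######################################
MKCA() {
  local ca_dir=/etc/pki/CA
  local subject="/C=CN/ST=beijing/L=beijing/O=magedu/OU=devops/CN=ca.magedu.com/emailAddress=${ca_email}"

  (umask 077; openssl genrsa -out "${ca_dir}/private/cakey.pem" 4096) || return
  openssl req -new -x509 -key "${ca_dir}/private/cakey.pem" \
    -out "${ca_dir}/cacert.pem" -days 3650 -subj "$subject" || return

  [[ -f "${ca_dir}/index.txt" ]] || touch "${ca_dir}/index.txt"
  [[ -f "${ca_dir}/serial" ]] || echo 01 > "${ca_dir}/serial"
}

#######################################
# Sign /data/$csr with the local CA for 100 days. The certificate is named
# after the CSR file name up to its first dot.
# NOTE(review): -batch signs without showing the request, as the original
# did by answering "y" to both prompts. Nothing here checks the subject or
# requested extensions of the file that arrived in /data.
# Globals:   csr (read)
# Returns:   1 when the CSR is absent, else the status of openssl ca
#######################################
certificate() {
  local request="/data/${csr}"

  if [[ ! -f "$request" ]]; then
    printf 'certificate: %s not found\n' "$request" >&2
    return 1
  fi
  openssl ca -batch -in "$request" \
    -out "/etc/pki/CA/certs/${csr%%.*}.crt" -days 100
}

while true; do
  cat <<'EOF'
1 build the CA
2 sign the certificate request
3 have the client request a certificate
4 automated: client request, build the CA, sign the request
5 exit
EOF
  # Leave on end-of-input; otherwise the loop would spin on the default arm.
  read -r -p "please input number: " number || exit 0
  case "$number" in
    1) MKCA ;;
    2) certificate ;;
    3) client ;;
    4)
      # Stop at the first failure so a stale CSR is never signed.
      client && MKCA && certificate
      ;;
    5) exit ;;
    *) echo "please input a valid arguments" ;;
  esac
done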