Shell script to set up a self-built OpenSSL CA and handle certificate requests

#!/bin/bash
# 
# ****************************************** ************************** 
#Author: the Bin Xue Ma                                                                                                                   
# QQ:                     316 428 921 
#Date:                   2019 - 06 - 22 

# client application for a certificate 
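#######################################
# Log in to the client host over SSH, generate a private key and a CSR
# there, then copy the CSR to the CA server's /data/ directory.
# Globals:   user, ip  (read) - SSH login and address of the client host
#            IP        (read) - address of the CA server (scp destination)
#            key, csr  (read) - file names created under /data/ on the client
# Returns:   exit status of the expect session
#
# Changes from the listing as published:
#  - The function is named `client`, matching the menu's call sites; the
#    published `Client`, `RPM`, `Expect` and `yum the install` are
#    translation artefacts and would not run.
#  - `openssl req -new` now takes `-key /data/$key`. `-in` names an input
#    request, not a key, so the CSR was not built from the key generated on
#    the previous line; the pass-phrase prompts the original answered are
#    consistent with openssl creating a separate key. With `-key` those
#    prompts do not occur, so the two pass-phrase answers are dropped.
#  - The client key is 2048 bits instead of 1024, which is no longer
#    considered adequate for RSA.
#
# NOTE(review): the root password is embedded in this script and typed into
# the ssh and scp prompts; key-based authentication would keep it out of the
# file and out of the expect transcript.
# NOTE(review): answering "yes" to the yes/no prompt accepts an unknown SSH
# host key without checking its fingerprint, so the first connection is not
# authenticated. Pre-populate known_hosts instead where possible.
# NOTE(review): the e-mail answer is the placeholder left by the page's
# address obfuscation; substitute the real address before use.
#######################################
client() {
  rpm -q expect &> /dev/null || yum install expect -y
  expect <<EOF
set timeout 10
spawn ssh $user@$ip
expect {
"yes/no" {send "yes\n";exp_continue}
"password" {send "centos\n"}
}
expect "]#" {send "yum install expect -y \n"}
expect "~]#" {send "(umask 077;openssl genrsa -out /data/$key 2048)\n"}
expect "]#" {send "openssl req -new -key /data/$key  -out /data/$csr\n"}
expect ":" {send "CN\n"}
expect ":" {send "beijing\n"}
expect ":" {send "beijing\n"}
expect ":" {send "magedu\n"}
expect ":" {send "devops\n"}
expect ":" {send "www.magedu.com\n"}
expect ":" {send "[email protected]\n"}
expect ":" {send "\n"}
expect ":" {send "\n"}
expect "~]#" {send "scp /data/$csr root@$IP:/data/\n"}
expect {
"yes/no" {send "yes\n";exp_continue}
"password" {send "centos\n"}
}
expect "#" {send "exit\n"}
expect eof
EOF
}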

# Server side: build the self-signed CA
#######################################
# Create the CA on the local (server) host: a 4096-bit RSA key, a
# self-signed certificate valid for 3650 days, and the index.txt / serial
# files under /etc/pki/CA.
# Globals:   none
# Returns:   0 unless creating the serial file fails
#
# NOTE(review): genrsa is called without a cipher option, so cakey.pem is
# written unencrypted; only the file mode protects the CA key.
# NOTE(review): the e-mail answer is the placeholder left by the page's
# address obfuscation; substitute the real address before use.
#######################################
MKCA(){
  # expect drives the interactive openssl prompts below.
  if ! rpm -q expect &> /dev/null; then
    yum install expect -y
  fi

  # The subshell keeps umask 077 local, so the key is created owner-only
  # without changing the caller's umask.
  (
    umask 077
    openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096
  )

  # Answer the seven subject prompts of the self-signed request in order.
  expect <<EOF
spawn openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650 
expect ":" {send "CN\n"}
expect ":" {send "beijing\n"}
expect ":" {send "beijing\n"}
expect ":" {send "magedu\n"}
expect ":" {send "devops\n"}
expect ":" {send "ca.magedu.com\n"}
expect ":" {send "[email protected]\n"}
expect eof
EOF

  # Create the CA database and serial counter only when they are absent,
  # so an existing CA's issuance history is not reset.
  if [ ! -f /etc/pki/CA/index.txt ]; then
    touch /etc/pki/CA/index.txt
  fi
  if [ ! -f /etc/pki/CA/serial ]; then
    echo 01 > /etc/pki/CA/serial
  fi
}

# Server side: sign the certificate request
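#######################################
# Sign the CSR found at /data/$csr with the local CA and write the
# certificate to /etc/pki/CA/certs/<name>.crt, valid for 100 days.
# Globals:   csr (read) - CSR file name under /data/
# Returns:   exit status of the expect session; 1 when the CSR is missing
#
# Changes from the listing as published:
#  - `Expect`, `Send`, `the EOF` and `Fi` are translation artefacts and
#    are restored to valid syntax. The second confirmation pattern is
#    reconstructed from a garbled line; TODO confirm against the prompt.
#  - The CSR path is quoted and the base name comes from parameter
#    expansion instead of a backtick `echo | cut` pipeline.
#  - A missing CSR is reported on stderr instead of passing silently.
#
# NOTE(review): both openssl confirmation prompts are answered "y"
# automatically, so the subject of the request is never inspected before
# it is signed. Anything that lands in /data/ under this name is issued a
# certificate; review the request details before automating approval.
#######################################
certificate(){
  if [ -f "/data/$csr" ]; then
    # Text before the first dot, e.g. app.csr -> app.
    local cer=${csr%%.*}
    expect <<EOF
spawn openssl ca -in /data/$csr -out /etc/pki/CA/certs/$cer.crt -days 100
expect "]:" {send "y\n"}
expect "]" {send "y\n"}
expect eof
EOF
  else
    echo "certificate: /data/$csr not found, nothing to sign" >&2
    return 1
  fi
}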






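# Settings read by the functions above and the interactive menu that drives
# them.
#
# The assignments and the loop header were garbled in the published listing
# (`User = the root`, `the while to true`, `CAT << the EOF`); they are
# restored here using the names the functions actually read: user, ip, IP,
# key and csr.
# NOTE(review): $ip is the SSH target (client host) and $IP is the scp
# destination (CA server). Which address belongs to which name is
# reconstructed from the garbled lines; confirm before running.
# NOTE(review): all remote steps run as root with a password embedded in
# the script; prefer a dedicated account and key-based login.
user=root
ip=192.168.1.110
IP=192.168.1.108
key=app.key
csr=app.csr

while true; do
cat <<EOF
 1 from built CA
 2 signed certificate
 3 for the client to request a certificate
 4 automated self CA and allow the client to request a certificate and visa
 5 exit
EOF
# Leave the loop when stdin is closed; otherwise a failed read would
# redraw the menu forever. -r keeps backslashes literal.
read -r -p "plese input number: " number || exit
case "$number" in
1)
        MKCA
        ;;
2)
        certificate
        ;;
3)
        client
        ;;
4)
        # Request first, then build the CA, then sign the copied CSR.
        client
        MKCA
        certificate
        ;;
5)
        exit
        ;;
*)
        echo "please input a valid arguments"
        ;;
esac
done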

 


Origin www.cnblogs.com/maxuebin/p/11071847.html