shell脚本
[root@localhost ~]# cat https.sh #! /bin/bash hostname=192.168.186.130 cd /etc/pki/ && mkdir /etc/pki/CA/ cd /etc/pki/CA/ && mkdir /etc/pki/CA/private yum -y remove httpd &>/dev/null yum -y install httpd &>/dev/null systemctl enable --now httpd &>/dev/null (umask 077;openssl genrsa -out private/cakey.pem 2048) openssl rsa -in private/cakey.pem -pubout expect << EOF set timeout 60 spawn openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 expect "letter code" {send "CH "} expect "full name" {send "YN "} expect "Default City" {send "KM "} expect "Default Company Ltd" {send "LYJ "} expect "eg, section" {send "tcp "} expect "hostname" {send "${hostname} "} expect "Email Address" {send "123@456.com "} expect "#" EOF openssl x509 -text -in cacert.pem mkdir certs newcerts cr1 touch index.txt. && echo 01 > serial cd /etc/httpd && mkdir ssl && cd ssl (umask 077;openssl genrsa -out httpd.key 2048) expect << EOF set timeout 60 spawn openssl req -new -key httpd.key -days 365 -out httpd.csr expect "code" {send "CH "} expect "name" {send "YN "} expect "Default City" {send "KM "} expect "Default Company Ltd" {send "LYJ "} expect "eg, section" {send "tcp "} expect "hostname" {send "${hostname} "} expect "Email Address" {send "123@456.com "} expect "password" {send "12345 "} expect "company name" {send " "} expect "#" EOF expect << EOF set timeout 60 spawn scp httpd.csr root@${hostname}:/root expect "password:" {send "mf2130369588mf "} expect "#" EOF expect << EOF set timeout 60 spawn openssl ca -in ./httpd.csr -out httpd.crt -days 365 expect "certificate" {send "y "} expect "commit" {send "y "} expect "#" EOF
执行脚本
[root@localhost ~]# ./https.sh Generating RSA private key, 2048 bit long modulus (2 primes) ...................+++++ ............................................................................+++++ e is 65537 (0x010001) writing RSA key -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ITZaDyRe7m+Ggny//H+ 38qi/pVvMDp/KnxUQFog2oBLXc/iLRrvdwAA5A8NRJholvDmgLUIxwvVnC1n8JQF 2DyZAoUKOfBmsg809waaHzJN+2u+JPku3NMvInq4S1AvUchqIE/c8XlV0IsKt4mj 0pyfZhdM3ctcTnrlLH46WrOem1v54lU5JyZ0ow1xn8lLrmRVq+KcRgLBZTWBUjJY Kb1IY5YNBDcN7fAUezfhbaOZGd+5FiYuEahDqwnqYBeu0Rb8GQkuvbuLrwsckBq+ pxg0i+otrhAsQaG8JNKHN55KGmBiYBIIqLdLfvn9JiTGr7pY819+CzjvkWlJYvfv FQIDAQAB -----END PUBLIC KEY----- spawn openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CH State or Province Name (full name) []:YN Locality Name (eg, city) [Default City]:KM Organization Name (eg, company) [Default Company Ltd]:LYJ Organizational Unit Name (eg, section) []:tcp Common Name (eg, your name or your server's hostname) []:192.168.186.130 Email Address []:123@456.com Certificate: Data: Version: 3 (0x2) Serial Number: 3d:f3:c4:91:a3:cc:05:8f:2e:fd:9e:5e:2f:e0:cd:e8:c6:17:d5:ff Signature Algorithm: sha256WithRSAEncryption Issuer: C = CH, ST = YN, L = KM, O = LYJ, OU = tcp, CN = 192.168.186.130, emailAddress = 123@456.com Validity Not Before: Apr 1 11:25:28 2021 GMT Not After : Apr 1 11:25:28 2022 GMT Subject: C = CH, ST = YN, L = KM, O = LYJ, OU = tcp, CN = 192.168.186.130, emailAddress = 123@456.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:dc:84:d9:68:3c:91:7b:b9:be:1a:09:f2:ff:f1: fe:df:ca:a2:fe:95:6f:30:3a:7f:2a:7c:54:40:5a: 20:da:80:4b:5d:cf:e2:2d:1a:ef:77:00:00:e4:0f: 0d:44:98:68:96:f0:e6:80:b5:08:c7:0b:d5:9c:2d: 67:f0:94:05:d8:3c:99:02:85:0a:39:f0:66:b2:0f: 34:f7:06:9a:1f:32:4d:fb:6b:be:24:f9:2e:dc:d3: 2f:22:7a:b8:4b:50:2f:51:c8:6a:20:4f:dc:f1:79: 55:d0:8b:0a:b7:89:a3:d2:9c:9f:66:17:4c:dd:cb: 5c:4e:7a:e5:2c:7e:3a:5a:b3:9e:9b:5b:f9:e2:55: 39:27:26:74:a3:0d:71:9f:c9:4b:ae:64:55:ab:e2: 9c:46:02:c1:65:35:81:52:32:58:29:bd:48:63:96: 0d:04:37:0d:ed:f0:14:7b:37:e1:6d:a3:99:19:df: b9:16:26:2e:11:a8:43:ab:09:ea:60:17:ae:d1:16: fc:19:09:2e:bd:bb:8b:af:0b:1c:90:1a:be:a7:18: 34:8b:ea:2d:ae:10:2c:41:a1:bc:24:d2:87:37:9e: 4a:1a:60:62:60:12:08:a8:b7:4b:7e:f9:fd:26:24: c6:af:ba:58:f3:5f:7e:0b:38:ef:91:69:49:62:f7: ef:15 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 3A:32:7C:FA:3D:86:85:E4:5D:F7:19:88:F7:0B:62:A1:09:63:D6:0A X509v3 Authority Key Identifier: keyid:3A:32:7C:FA:3D:86:85:E4:5D:F7:19:88:F7:0B:62:A1:09:63:D6:0A X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption 3c:4f:98:7f:31:1d:72:7c:ef:f0:e2:f3:73:99:a5:e0:66:4e: 17:68:90:c9:ae:07:a6:cc:61:c8:04:56:e4:90:3f:81:95:74: 00:68:0a:43:44:bd:8a:ee:65:48:35:8d:60:29:83:a0:01:17: 25:ff:1a:a0:54:a6:c3:a0:83:9c:6c:5e:35:98:86:e3:95:5b: ca:83:a9:3e:7a:00:01:2e:c2:7d:80:32:2a:51:2b:a4:d0:9c: 88:08:c1:70:94:6e:a3:37:5b:96:d4:82:ec:ee:63:78:c2:57: 08:87:8b:f6:d5:ab:d7:b5:23:07:f0:77:b1:7e:d7:bd:d7:f6: de:71:94:5e:20:9d:97:75:19:ed:b0:90:e2:78:80:e9:66:61: 49:5d:d8:c9:c1:0e:49:20:66:60:7f:00:1a:77:89:c7:82:bd: 3d:52:e7:3e:f3:7c:83:74:bc:f3:f1:ea:b6:ca:5e:31:9f:0e: 2e:1b:b2:25:6f:42:17:9c:cd:9f:1b:c0:6c:42:bf:8e:78:b1: 77:ae:e1:94:6b:72:47:2f:55:99:18:f3:d8:2e:f3:97:c8:37: 12:79:40:fc:7e:3a:3c:99:29:e2:d0:83:96:73:ee:12:46:3c: ef:70:38:16:38:1d:0e:7f:63:db:88:03:29:f2:01:ec:9f:42: 77:1e:5c:54 -----BEGIN CERTIFICATE----- MIID0zCCArugAwIBAgIUPfPEkaPMBY8u/Z5eL+DN6MYX1f8wDQYJKoZIhvcNAQEL BQAweTELMAkGA1UEBhMCQ0gxCzAJBgNVBAgMAllOMQswCQYDVQQHDAJLTTEMMAoG A1UECgwDTFlKMQwwCgYDVQQLDAN0Y3AxGDAWBgNVBAMMDzE5Mi4xNjguMTg2LjEz MDEaMBgGCSqGSIb3DQEJARYLMTIzQDQ1Ni5jb20wHhcNMjEwNDAxMTEyNTI4WhcN MjIwNDAxMTEyNTI4WjB5MQswCQYDVQQGEwJDSDELMAkGA1UECAwCWU4xCzAJBgNV BAcMAktNMQwwCgYDVQQKDANMWUoxDDAKBgNVBAsMA3RjcDEYMBYGA1UEAwwPMTky LjE2OC4xODYuMTMwMRowGAYJKoZIhvcNAQkBFgsxMjNANDU2LmNvbTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBANyE2Wg8kXu5vhoJ8v/x/t/Kov6VbzA6 fyp8VEBaINqAS13P4i0a73cAAOQPDUSYaJbw5oC1CMcL1ZwtZ/CUBdg8mQKFCjnw ZrIPNPcGmh8yTftrviT5LtzTLyJ6uEtQL1HIaiBP3PF5VdCLCreJo9Kcn2YXTN3L XE565Sx+Olqznptb+eJVOScmdKMNcZ/JS65kVavinEYCwWU1gVIyWCm9SGOWDQQ3 De3wFHs34W2jmRnfuRYmLhGoQ6sJ6mAXrtEW/BkJLr27i68LHJAavqcYNIvqLa4Q LEGhvCTShzeeShpgYmASCKi3S375/SYkxq+6WPNffgs475FpSWL37xUCAwEAAaNT MFEwHQYDVR0OBBYEFDoyfPo9hoXkXfcZiPcLYqEJY9YKMB8GA1UdIwQYMBaAFDoy fPo9hoXkXfcZiPcLYqEJY9YKMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL BQADggEBADxPmH8xHXJ87/Di83OZpeBmThdokMmuB6bMYcgEVuSQP4GVdABoCkNE vYruZUg1jWApg6ABFyX/GqBUpsOgg5xsXjWYhuOVW8qDqT56AAEuwn2AMipRK6TQ nIgIwXCUbqM3W5bUguzuY3jCVwiHi/bVq9e1Iwfwd7F+173X9t5xlF4gnZd1Ge2w kOJ4gOlmYUld2MnBDkkgZmB/ABp3iceCvT1S5z7zfIN0vPPx6rbKXjGfDi4bsiVv QheczZ8bwGxCv454sXeu4ZRrckcvVZkY89gu85fINxJ5QPx+OjyZKeLQg5Zz7hJG PO9wOBY4HQ5/Y9uIAynyAeyfQnceXFQ= -----END CERTIFICATE----- Generating RSA private key, 2048 bit long modulus (2 primes) .................................+++++ ..........+++++ e is 65537 (0x010001) spawn openssl req -new -key httpd.key -days 365 -out httpd.csr Ignoring -days; not generating a certificate You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CH State or Province Name (full name) []:YN Locality Name (eg, city) [Default City]:KM Organization Name (eg, company) [Default Company Ltd]:LYJ Organizational Unit Name (eg, section) []:tcp Common Name (eg, your name or your server's hostname) []:192.168.186.130 Email Address []:123@456.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:12345 An optional company name []: spawn scp httpd.csr root@192.168.186.130:/root httpd.csr 100% 1058 596.6KB/s 00:00 expect: spawn id exp6 not open while executing "expect "#" " //这里报错了,正在更新解决
spawn openssl ca -in ./httpd.csr -out httpd.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf 139978345297728:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('/etc/pki/CA/index.txt','r') 139978345297728:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79: expect: spawn id exp6 not open while executing "expect "commit" {send "y "}"