DANCE WITH JAVA

          開發出高質量的系統


          openssl 進階(自動化)

          在用 openssl 的過程中會有很厭煩的一件事情,就是需要不停的填入各種資料,是否能讓這些自動填寫呢,答案是肯定的。下邊幾個 shell 配合使用,就能完成任務, shell 是我正在使用的,沒有問題,不過可能有些東西是多餘的,好在內容不多,很容易看明白:

           

          shell one:

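          #!/bin/bash
          # Interactive wrapper around the expect helper: asks for a username, a key
          # passphrase and the CA key passphrase, has the helper issue the certificate,
          # then publishes the resulting PKCS#12 bundle under /opt/certs/<username>.
          # NOTE(review): the relative paths (bak/, $USERNAME.p12, ./makep7c) suggest the
          # script is meant to be run from the CA working directory - confirm.

          echo -n  "input username:"
          read -r USERNAME

          # The name ends up in file names and in the rm -rf target further down, so
          # an empty value, a path separator, a leading dash or whitespace is refused
          # here. With an empty name the cleanup would expand to /opt/certs//* and
          # remove every user's directory.
          case "$USERNAME" in
            '' | . | .. | -* | */* | *[[:space:]]*)
              echo "invalid username" >&2
              exit 1
              ;;
          esac

          # Disabled by the author: refuse to re-issue while an earlier cert exists.
          #if [ -f bak/$USERNAME.pem ] || grep $USERNAME demoCA/newcerts -R 1>/dev/null 2>/dev/null ;then
          #  echo "$USERNAME's cert has already been made,revoke(openssl ca -revoke $USERNAME.pem) and delete it first"
          #  exit 1
          #fi

          # -s keeps the passphrases off the terminal, -r keeps backslashes literal.
          echo -n "input password(length> 4):"
          read -r -s PASSWORD
          echo
          # openssl refuses PEM pass phrases shorter than 4 characters; the expect
          # dialogue would then run out of step, so stop before anything is touched.
          if [ "${#PASSWORD}" -lt 4 ]; then
            echo "password too short" >&2
            exit 1
          fi
          echo -n "input ca's password:"
          read -r -s CAPASS
          echo

          if [ -d bak ]; then
            echo "bak dir exist"
          else
            mkdir bak
          fi
          # NOTE(review): bak/ collects private keys (*.key, *.p12) from earlier runs;
          # check that its permissions keep other local users out.

          # Park the artefacts of earlier runs. -i and -f together meant "-f" (the last
          # one wins), so only -f is kept. A glob without a match makes mv print an
          # error and the script carries on, as it did before.
          mv -f -- /usr/share/ssl/misc/*.pem bak/
          mv -f -- /usr/share/ssl/misc/*.req bak/
          mv -f -- /usr/share/ssl/misc/*.key bak/
          mv -f -- /usr/share/ssl/misc/*.p12 bak/

          # NOTE(review): both passphrases are handed over as command-line arguments,
          # so they can be read from the process list while the helper runs. Moving
          # them to stdin or a protected file needs a matching change in the helper.
          /usr/share/ssl/misc/auto "$USERNAME" "$PASSWORD" "$CAPASS"

          # Only replace the published files when a new bundle really exists;
          # otherwise a failed run would wipe the user's current certificate.
          if [ ! -f "$USERNAME.p12" ]; then
            echo "$USERNAME.p12 was not created, /opt/certs/$USERNAME left untouched" >&2
            exit 1
          fi

          # make user dir
          user_dir="/opt/certs/$USERNAME"
          if [ -d "$user_dir" ]; then
            echo "ok"
          else
            mkdir -p "$user_dir"
          fi

          # ${user_dir:?} aborts instead of expanding to "/*" should the variable
          # ever be empty.
          rm -rf -- "${user_dir:?}"/*

          #cp $USERNAME.key $USERNAME.p12 $USERNAME.pem /edi/pss/cert/now/server/ -rf
          cp -f -- "$USERNAME.p12" "$user_dir/"
          if [ -f SYSTEM01.p7c ]; then
            cp -f -- SYSTEM01.p7c "$user_dir/"
          fi

          if [ -f bak/SYSTEM01.p7c ]; then
            cp -f -- bak/SYSTEM01.p7c "$user_dir/"
          fi
          ./makep7c "$USERNAME"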

           

           

           

          shell two:

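          #!/usr/bin/expect
          # Drives openssl through three steps for one user: key + CSR, signing by the
          # CA, PKCS#12 export. Arguments: <user> <key passphrase> <CA key passphrase>.
          # NOTE(review): the passphrases arrive in argv and can be read from the
          # process list while this script runs; fixing that needs the caller to
          # change as well.

          if {[llength $argv] != 3} {
              send_user "usage: $argv0 user password ca-password\n"
              exit 1
          }

          set user [lindex $argv 0]
          set pass [lindex $argv 1]
          set capass [lindex $argv 2]

          # $user becomes part of the file names handed to openssl: a leading dash
          # would be read as an option and a slash would leave the working directory.
          if {$user eq "" || [string match "-*" $user] || [string first "/" $user] >= 0} {
              send_user "invalid user name\n"
              exit 1
          }

          # Wait for one prompt. A bare "expect" falls through after the timeout and
          # the next answer would be sent to the wrong question, so a timeout or an
          # early exit of openssl stops the script with status 1 instead.
          proc await {pattern} {
              expect -gl $pattern {
              } timeout {
                  send_user "\ntimed out waiting for \"$pattern\"\n"
                  exit 1
              } eof {
                  send_user "\nopenssl ended before \"$pattern\" appeared\n"
                  exit 1
              }
          }

          #spawn ./CA -newreq
          spawn openssl req -new -keyout $user.key -out $user.req
          # "send --" stops a passphrase that starts with a dash from being parsed as
          # a flag of send.
          await "Enter PEM pass phrase:"
          send -- "$pass\n"
          await "Verifying - Enter PEM pass phrase:"
          send -- "$pass\n"

          # Answers to the subject prompts, in the order the original sent them.
          foreach answer [list "JP" "" "" "WAVE" "WAVE Center" $user "$user@linux3.niis.com.cn"] {
              await "]:"
              send -- "$answer\n"
          }

          # The last two prompts used to be answered with the key passphrase. With the
          # stock openssl.cnf they are the challenge password and the optional company
          # name, both stored readable inside $user.req (TODO confirm against the
          # local openssl.cnf). They are left empty now.
          await "]:"
          send "\n"
          await "]:"
          send "\n"
          #exit

          #spawn ./CA -sign
          expect eof
          spawn openssl ca -policy policy_anything -out $user.pem -infiles $user.req
          await "cakey.pem:"
          send -- "$capass\n"
          await "y/n]:"
          send "y\n"
          await "/n]"
          send "y\n"

          #p12
          expect eof
          # Hand the passphrase over through the environment of this one child instead
          # of "pass:" on its command line, which any local user could read with ps.
          set env(P12_PASS) $pass
          spawn openssl pkcs12 -export -in $user.pem -inkey $user.key -out $user.p12 -passin env:P12_PASS -passout env:P12_PASS -certfile demoCA/cacert.pem
          expect eof
          exit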

           

          shell three:

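          #!/bin/bash
          # Bundle <user>.pem and the CA certificate (demoCA/cacert.pem) into a
          # DER-encoded PKCS#7 file <user>.p7c in the current directory.
          # Argument: $1 - user name (presumably the ./makep7c that shell one calls).
          # Exit status: 0 when the .p7c was written, 1 on any error.

          if [ -z "${1:-}" ]; then
            echo "Please input username as arg0"
            exit 1
          fi

          # A private name: assigning to USER would overwrite the login name that
          # child processes inherit through the environment.
          cert_user=$1

          # The name is used to build file names, so a leading dash (read as an
          # option) and a path separator are refused.
          case "$cert_user" in
            -* | */*)
              echo "invalid username"
              exit 1
              ;;
          esac

          if [ -f "./$cert_user.pem" ]; then
            echo "ok,$cert_user's pem exist"
          else
            echo "$cert_user's pem file not exist!!!"
            # A missing input is a failure; this branch used to exit 0, which hid
            # the error from any caller that checks the status.
            exit 1
          fi

          # crl2pkcs7 takes -certfile more than once, so the two certificates no
          # longer need to be concatenated into a leftover tmp<user>.pem. Checking the
          # exit status as well as the file keeps a stale .p7c from an earlier run, or
          # a missing CA certificate, from being reported as success.
          if openssl crl2pkcs7 -nocrl \
               -certfile "./$cert_user.pem" -certfile demoCA/cacert.pem \
               -out "./$cert_user.p7c" -outform DER \
             && [ -f "./$cert_user.p7c" ]; then
            echo "OK,$cert_user.p7c made"
          else
            echo "error occur"
            exit 1
          fi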

          posted on 2006-10-16 11:27 dreamstone 閱讀(855) 評論(0)  編輯  收藏 所屬分類: 片段
