我创建了一个证书颁发机构,需要生成并签署50个证书.我想编写这个过程的脚本.我不想手动输入密码100次! 这是我被挂断的命令: openssl req -newkey rsa:1024 -keyout ~/myCA/tempkey.pem -keyform PEM
这是我被挂断的命令:
openssl req -newkey rsa:1024 -keyout ~/myCA/tempkey.pem -keyform PEM -out ~/myCA/tempreq.pem -outform PEM
问题是,它要我用这些提示创建一个密码:
Enter PEM pass phrase: Verifying - Enter PEM pass phrase:
当我被要求输入密码时,我可以使用openssl的-passin pass:mypass命令行选项.但这似乎不适用于创建密码.
此外,稍后我需要输入密码似乎很奇怪我最终将其删除:
openssl rsa < tempkey.pem > server_key.pem
我尝试创建一个简单的Ruby脚本:
require 'open3'
Open3.popen2("openssl req -newkey rsa:1024 -keyout ~/myCA/tempkey.pem -keyform PEM -out ~/myCA/tempreq.pem -outform PEM") {|i,o,t|
i.puts "mySecretPassword"
i.puts "mySecretPassword"
}
但这似乎也不起作用.我最后还是手动提示,要求我创建一个密码.
问题是大多数希望密码确实需要交互式终端的实用程序.因此,如果你试图伪造它(就像你使用Ruby脚本那样)它将无法工作.你也可以尝试:echo -n "pass\npass\n" | openssl req ....
虽然这将适用于某些程序,但那些需要interative shell的程序将无效.
您正在搜索名为expect的工具.将它安装在UNIX / Linux / MacOS上并查看手册页:
man expect ... Expect is a program that "talks" to other interactive programs according to a script. Following the script, Expect knows what can be expected from a program and what the correct response should be. An interpreted language pro‐ vides branching and high-level control structures to direct the dialogue. In addition, the user can take control and interact directly when desired, afterward returning control to the script. ...
您需要创建“expect script”,它实际上取决于您的环境 – 应用程序要求的内容.如果它只是一个密码,它应该很简单.这是一个更复杂的例子:http://fixunix.com/openssl/159046-expect-script-doesnt-create-newreq-pem.html
我认为这应该有效(你可能需要稍微修改一下):
#!/usr/bin/expect -f
spawn -console openssl req blah blah blah blah
expect "Enter PEM pass phrase:*" {send "password\r"}
expect "Verifying - Enter PEM pass phrase:*" {send "password\r"}
祝好运!