sh A script that generates a CA, imports the CA into the keychain, then creates a certificate and signs it with the CA, then imports it into


Foreword: This article was compiled by the editors of Xiaochangshi Net (cha138.com) and mainly introduces knowledge related to "sh A script that generates a CA, imports the CA into the keychain, then creates a certificate and signs it with the CA, then imports it into"; we hope it is of some reference value to you.

#!/usr/bin/expect

cd /private/tmp

#The demo passphrase used throughout this script, kept in one place
set passphrase "Apple321!"

#This will create the CA key for PretendCo (passphrase-protected)

spawn /usr/bin/openssl genrsa -des3 -out PretendCoCA.key 2048
expect "Enter pass phrase for PretendCoCA.key:"
send "$passphrase\r"
expect "Verifying - Enter pass phrase for PretendCoCA.key:"
send "$passphrase\r"
expect eof

#This will create the self-signed CA certificate (pem file) from the key
#Prompts are matched with a trailing * because "[]" inside a Tcl double-quoted
#string is an (empty) command substitution and would never match the prompt

spawn /usr/bin/openssl req -x509 -new -nodes -key PretendCoCA.key -sha256 -days 1825 -out PretendCoCA.pem
expect "Enter pass phrase for PretendCoCA.key:"
send "$passphrase\r"
expect "Country Name (2 letter code)*"
send "US\r"
expect "State or Province Name (full name)*"
send "CA\r"
expect "Locality Name (eg, city)*"
send "Cupertino\r"
expect "Organization Name (eg, company)*"
send "PretendCo\r"
expect "Organizational Unit Name (eg, section)*"
send "\r"
expect "Common Name*"
send "PretendCo CA\r"
expect "Email Address*"
send "admin@pretendco.com\r"
expect eof

#This will import the CA pem file into the System keychain as a trusted root
#(spawned directly; a shell is not needed and would otherwise linger until timeout)
spawn /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /private/tmp/PretendCoCA.pem
expect eof

#This will create a key and a certificate signing request for intranet.pretendco.com

spawn /usr/bin/openssl genrsa -out intranet.pretendco.com.key 2048
expect eof

spawn /usr/bin/openssl req -new -key intranet.pretendco.com.key -out intranet.pretendco.com.csr
expect "Country Name (2 letter code)*"
send "US\r"
expect "State or Province Name (full name)*"
send "CA\r"
expect "Locality Name (eg, city)*"
send "Cupertino\r"
expect "Organization Name (eg, company)*"
send "PretendCo\r"
expect "Organizational Unit Name (eg, section)*"
send "\r"
expect "Common Name*"
send "intranet.pretendco.com\r"
expect "Email Address*"
send "admin@pretendco.com\r"
#The original script answers the challenge password with the same value as the CA passphrase
expect "A challenge password*"
send "$passphrase\r"
#openssl asks one more 'extra' attribute; answer it so the script does not stall
expect "An optional company name*"
send "\r"
expect eof

#This will create the attributes (extensions) file for the server certificate
#Written from Tcl directly; no shell heredoc needed
set ext [open /private/tmp/intranet.pretendco.com.ext w]
puts $ext "authorityKeyIdentifier=keyid,issuer"
puts $ext "basicConstraints=CA:FALSE"
puts $ext "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment"
puts $ext "subjectAltName = @alt_names"
puts $ext ""
puts $ext {[alt_names]}
puts $ext "DNS.1 = intranet.pretendco.com"
close $ext

#This will sign the certificate request with the CA

spawn /usr/bin/openssl x509 -req -in intranet.pretendco.com.csr -CA PretendCoCA.pem -CAkey PretendCoCA.key -CAcreateserial -out intranet.pretendco.com.crt -days 1825 -sha256 -extfile intranet.pretendco.com.ext
expect "Enter pass phrase for PretendCoCA.key:"
send "$passphrase\r"
expect eof

#This will import the signed server certificate into the System keychain
spawn /usr/bin/security import intranet.pretendco.com.crt -k /Library/Keychains/System.keychain
expect eof
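As an added example (not the gist's own code): the same PretendCo CA and intranet.pretendco.com certificate built without expect, using openssl's -subj and -passin/-passout options so no prompt matching is needed, followed by the checks worth running before importing anything into the System keychain. It assumes openssl is on PATH; WORKDIR, CA_PASS, ca.cnf, build_pki and verify_leaf are names chosen for this example.

```sh
#!/bin/sh
# Added example (not the gist's code): PretendCo CA plus intranet.pretendco.com
# certificate built without expect, then verified. Names are this example's own.
set -eu
WORKDIR="${WORKDIR:-$(mktemp -d)}"
cd "$WORKDIR"
# Passphrase is read via env: so it never shows in `ps`; Apple321! is the page's demo value.
export CA_PASS="${CA_PASS:-Apple321!}"
# Constructed req config: empty DN section (the name comes from -subj) and a
# v3_ca section that limits the root to signing certificates and CRLs.
cat >ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
# Leaf extensions as in the page's .ext file: CA:FALSE and a SAN, which is what
# browsers and Apple's trust evaluation match the hostname against.
cat >intranet.pretendco.com.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = intranet.pretendco.com
EOF
build_pki() {
  openssl genrsa -aes256 -passout env:CA_PASS -out PretendCoCA.key 2048 2>/dev/null
  openssl req -x509 -new -key PretendCoCA.key -passin env:CA_PASS -sha256 -days 1825 \
    -config ca.cnf -subj "/C=US/ST=CA/L=Cupertino/O=PretendCo/CN=PretendCo CA" \
    -out PretendCoCA.pem
  openssl genrsa -out intranet.pretendco.com.key 2048 2>/dev/null
  openssl req -new -key intranet.pretendco.com.key -config ca.cnf \
    -subj "/C=US/ST=CA/L=Cupertino/O=PretendCo/CN=intranet.pretendco.com" \
    -out intranet.pretendco.com.csr
  openssl x509 -req -in intranet.pretendco.com.csr -CA PretendCoCA.pem \
    -CAkey PretendCoCA.key -passin env:CA_PASS -CAcreateserial -days 1825 -sha256 \
    -extfile intranet.pretendco.com.ext -out intranet.pretendco.com.crt 2>/dev/null
}
# Checks to run before any keychain import: leaf chains to the CA, has the SAN, is not a CA.
verify_leaf() {
  openssl verify -CAfile PretendCoCA.pem intranet.pretendco.com.crt >/dev/null &&
    openssl x509 -in intranet.pretendco.com.crt -noout -text | grep -q 'DNS:intranet.pretendco.com' &&
    openssl x509 -in intranet.pretendco.com.crt -noout -text | grep -q 'CA:FALSE'
}
```

The keychain steps themselves (security add-trusted-cert and security import) are unchanged from the script above and remain macOS-only.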
