sh: A script that generates a CA, imports the CA into the keychain, then creates a certificate and signs it with the CA, and then imports it into
#!/usr/bin/expect -f
#Lab script: the CA passphrase is hard-coded below and all key material is written to /private/tmp
cd /private/tmp
#This will create the passphrase-protected private key for the PretendCo CA
spawn /usr/bin/openssl genrsa -des3 -out PretendCoCA.key 2048
expect "Enter pass phrase for PretendCoCA.key:"
send "Apple321!\r"
expect "Verifying - Enter pass phrase for PretendCoCA.key:"
send "Apple321!\r"
interact
#This will create the self-signed CA certificate (PEM) from the CA key
spawn /usr/bin/openssl req -x509 -new -nodes -key PretendCoCA.key -sha256 -days 1825 -out PretendCoCA.pem
expect "Enter pass phrase for PretendCoCA.key:"
send "Apple321!\r"
#Prompts containing [] are braced and matched with -exact: inside double quotes Tcl
#evaluates [] as a command, and a glob pattern would read it as a character class
expect -exact {Country Name (2 letter code) []:}
send "US\r"
expect -exact {State or Province Name (full name) []:}
send "CA\r"
expect -exact {Locality Name (eg, city) []:}
send "Cupertino\r"
expect -exact {Organization Name (eg, company) []:}
send "PretendCo\r"
expect -exact {Organizational Unit Name (eg, section) []:}
send "\r"
expect -exact {Common Name (eg, fully qualified host name) []:}
send "PretendCo CA\r"
expect -exact {Email Address []:}
send "admin@pretendco.com\r"
interact
#This will import the CA certificate into the System keychain as a trusted root
#(run the script as root, since it writes to the System keychain)
#security is spawned directly so that "expect eof" returns as soon as it exits
spawn /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /private/tmp/PretendCoCA.pem
expect eof
#This will create a private key and a certificate signing request for intranet.pretendco.com
spawn /usr/bin/openssl genrsa -out intranet.pretendco.com.key 2048
expect eof
spawn /usr/bin/openssl req -new -key intranet.pretendco.com.key -out intranet.pretendco.com.csr
#Prompts containing [] are braced and matched with -exact so Tcl and glob leave them literal
expect -exact {Country Name (2 letter code) []:}
send "US\r"
expect -exact {State or Province Name (full name) []:}
send "CA\r"
expect -exact {Locality Name (eg, city) []:}
send "Cupertino\r"
expect -exact {Organization Name (eg, company) []:}
send "PretendCo\r"
expect -exact {Organizational Unit Name (eg, section) []:}
send "\r"
expect -exact {Common Name (eg, fully qualified host name) []:}
send "intranet.pretendco.com\r"
expect -exact {Email Address []:}
send "admin@pretendco.com\r"
#Match only the final prompt line; the terminal output uses \r\n line endings
expect -exact {A challenge password []}
send "Apple321!\r"
interact
#This will create the extensions file
#It is written directly from Tcl; the braces keep [alt_names] literal
set ext [open intranet.pretendco.com.ext w]
puts $ext {authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = intranet.pretendco.com}
close $ext
#This will sign the certificate request with the CA key
spawn /usr/bin/openssl x509 -req -in intranet.pretendco.com.csr -CA PretendCoCA.pem -CAkey PretendCoCA.key -CAcreateserial -out intranet.pretendco.com.crt -days 1825 -sha256 -extfile intranet.pretendco.com.ext
expect "Enter pass phrase for PretendCoCA.key:"
send "Apple321!\r"
interact
#This will import the signed certificate into the System keychain
#security is spawned directly so that "expect eof" returns as soon as it exits
spawn /usr/bin/security import intranet.pretendco.com.crt -k /Library/Keychains/System.keychain
expect eof