shell脚本练习(autocert)

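#!/bin/bash
# By Spinestars
# 20131118  name: ca_cert
#
# Runs on the CA host. Signs the CSR that the client uploaded to
# /etc/pki/CA/auto and publishes the signed certificate at /tmp/cert.crt,
# which is the path the client-side autocert script fetches it from
# (keep that path: it is part of the contract with autocert).
set -euo pipefail

ca_auto_dir=/etc/pki/CA/auto
out_file=/tmp/cert.crt

cd -- "$ca_auto_dir" || { echo "cannot cd to $ca_auto_dir" >&2; exit 1; }
[ -f ./cert.csr ] || { echo "no cert.csr found in $ca_auto_dir" >&2; exit 1; }

# Give this request a name that will not be clobbered by the next client.
# Only uniqueness matters here (the certificate serial comes from the CA's
# own 'serial' file), so pid + epoch is enough; $RANDOM alone can collide.
num="$$.$(date +%s)"
mv -- ./cert.csr "./cert${num}.csr"

# openssl ca prompts for confirmation before signing/committing; if the
# operator declines or it fails, set -e stops the script before publishing.
openssl ca -in "./cert${num}.csr" -out "./cert${num}.crt"

# NOTE(review): /tmp is world-writable, so a symlink pre-planted at this
# path would make root's cp overwrite an arbitrary file. Unlinking first
# (rm does not follow symlinks) narrows but does not fully close that
# window; the certificate itself is public, so confidentiality is not
# the concern here.
rm -f -- "$out_file"
cp -- "./cert${num}.crt" "$out_file"
chmod 0644 "$out_file"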
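#!/bin/bash
# By Spinestars
# 20131118  name: create_ca
#
# Runs on the CA host. Initialises a minimal OpenSSL CA under /etc/pki/CA:
# the CA private key, a self-signed CA certificate, and the index/serial
# bookkeeping files that 'openssl ca' requires.
set -euo pipefail

ca_dir=/etc/pki/CA
# 'openssl req -x509' defaults to a 30-day certificate, which is far too
# short for a CA; override with CA_DAYS=<n> in the environment if needed.
ca_days="${CA_DAYS:-3650}"

cd -- "$ca_dir" || { echo "cannot cd to $ca_dir" >&2; exit 1; }

# Never silently replace an existing CA key: regenerating it would
# invalidate every certificate this CA has issued so far.
if [ -e private/cakey.pem ]; then
  echo "private/cakey.pem already exists; refusing to overwrite the CA key" >&2
  exit 1
fi

# Restrict everything created below to root (0600 files / 0700 dirs) from
# the moment it is created; the key in particular must never be readable
# by anyone else.
umask 077
# private/ holds the key; newcerts/ is where the default openssl.cnf has
# 'openssl ca' drop a copy of each issued certificate.
mkdir -p private newcerts
openssl genrsa -out private/cakey.pem 2048
openssl req -new -x509 -days "$ca_days" -key private/cakey.pem -out cacert.pem

# Bookkeeping files required by 'openssl ca'; create them only if missing.
[ -f index.txt ] || touch index.txt
[ -f serial ] || echo '01' > serial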

主体脚本:

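#!/bin/bash
# By Spinestars
# 20131118  name: autocert
#
# Client-side driver. Steps:
#   1. set up passwordless root SSH to the CA host (first run only);
#   2. upload the two CA-side helper scripts (create_ca, ca_cert);
#   3. optionally initialise the CA;
#   4. generate a local key + CSR, have the CA sign it, and pull the signed
#      certificate back into the current directory as ./cert.crt.
#
# Run as root (every remote call is made as root@<ca>). create_ca and
# ca_cert are expected in the current directory, next to this script.
set -euo pipefail

# CA base directory on the CA host; the helper scripts live in ${ca_dir}auto.
ca_dir="/etc/pki/CA/"
# Only these files are needed on the CA side. Do NOT upload ./* : on a
# re-run the working directory also contains cert.key (this client's
# private key), which must never leave this machine.
ca_side_scripts=(./create_ca ./ca_cert)

#######################################
# Exchange SSH keys with the CA host so later ssh/scp calls do not prompt.
# Arguments: $1 - CA host (IP or name)
# Side effects: creates ~/.ssh/id_rsa, registers it on the CA, appends the
#   CA's public key to ~/.ssh/authorized_keys.
#######################################
createsshkey() {
  local ca="$1"
  local auth="$HOME/.ssh/authorized_keys"

  # client --> ca_server: local key without a passphrase (so the rest of
  # the script can run unattended), registered as root on the CA.
  ssh-keygen -t rsa -P ''
  ssh-copy-id -i ~/.ssh/id_rsa.pub "root@${ca}"

  # ca_server --> client: make sure the CA host has a key of its own.
  # NOTE(review): nothing in this script uses CA->client SSH, yet this
  # grants the CA host passwordless root on the client. Kept for
  # compatibility with the original behaviour; consider dropping it.
  ssh "root@${ca}" "[ -e /root/.ssh/id_rsa ] || ssh-keygen -t rsa -P ''"

  # Append the CA's public key rather than replacing authorized_keys,
  # which would lock out every key that was already authorised here.
  local ca_pub
  ca_pub="$(ssh "root@${ca}" cat /root/.ssh/id_rsa.pub)"
  mkdir -p -- "$HOME/.ssh"
  chmod 700 -- "$HOME/.ssh"
  touch -- "$auth"
  grep -qxF -- "$ca_pub" "$auth" || printf '%s\n' "$ca_pub" >> "$auth"
  chmod 600 -- "$auth"
}

#######################################
# Run create_ca on the CA host (CA key, CA cert, index, serial).
# Arguments: $1 - CA host; $2 - CA base directory (trailing slash)
#######################################
createca() {
  local ca="$1" dir="$2"
  echo '创建CA服务器(create ca_server)...................'
  # A non-zero exit from the remote script aborts this one (set -e),
  # so "OK" is only printed when the CA was actually created.
  ssh "root@${ca}" "bash ${dir}auto/create_ca"
  echo -e "ca server [\e[1;32m OK \e[0m]"
}

#######################################
# Have the CA sign the uploaded CSR and fetch the certificate.
# Arguments: $1 - CA host; $2 - CA base directory (trailing slash)
# Outputs: ./cert.crt in the current directory
#######################################
certficate_ca() {
  local ca="$1" dir="$2"
  echo '证书签署...............'
  # ca_cert signs ${dir}auto/cert.csr and publishes the result at /tmp/cert.crt.
  ssh "root@${ca}" "bash ${dir}auto/ca_cert"
  scp "root@${ca}:/tmp/cert.crt" ./
}

#######################################
# Generate a local key and CSR, get it signed, and report the outcome.
# Arguments: $1 - CA host; $2 - CA base directory (trailing slash)
# Returns: 0 when ./cert.crt was obtained, 1 otherwise
#######################################
createclicrt() {
  local ca="$1" dir="$2"
  read -r -p '本地证书申请(create client crt)!go on <any press> or exit <ctrl + c>!'
  # The private key must be readable by this user only.
  umask 077
  openssl genrsa -out ./cert.key 2048
  openssl req -new -key ./cert.key -out ./cert.csr
  # Only the CSR travels to the CA; cert.key stays on this machine.
  scp ./cert.csr "root@${ca}:${dir}auto"
  # Drop any certificate from a previous run so a stale file cannot be
  # mistaken for a successful signing.
  rm -f -- ./cert.crt
  if certficate_ca "$ca" "$dir" && [ -s ./cert.crt ]; then
    echo -e "申请成功(client crt) [\e[1;32m OK \e[0m]"
  else
    echo -e "申请失败(client crt) [\e[1;31m Failure \e[0m]"
    return 1
  fi
}

#######################################
# Entry point: prompts for the CA address and drives the steps above.
#######################################
main() {
  echo 'Please su - to root!'
  local ca_ip
  read -r -p '输入CA服务器地址(Please input ca_server_ip):' ca_ip
  [ -n "$ca_ip" ] || { echo 'CA server address must not be empty' >&2; exit 1; }

  # First run only: exchange keys so the remaining calls are non-interactive.
  [ -e ~/.ssh/id_rsa ] || createsshkey "$ca_ip"

  # Stage the CA-side helper scripts.
  local f
  for f in "${ca_side_scripts[@]}"; do
    [ -f "$f" ] || { echo "missing $f in the current directory" >&2; exit 1; }
  done
  ssh "root@${ca_ip}" "mkdir -p ${ca_dir}auto"
  scp "${ca_side_scripts[@]}" "root@${ca_ip}:${ca_dir}auto"

  local yn
  read -r -p '是否创建CA服务器(create ca_server)?[yes/no]' yn
  if [ "$yn" = 'yes' ]; then
    createca "$ca_ip" "$ca_dir"
  fi

  createclicrt "$ca_ip" "$ca_dir"
}
main "$@"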

目的:自动创建证书.

使用方法:

客户端:将三个脚本复制到同一个目录内,并分别改名为脚本头部 name 后所标示的名字(ca_cert、create_ca、autocert),并赋予执行权限;之后以 root 身份执行主体脚本 autocert.

运行过程中脚本会要求输入CA服务器的IP地址,并以 root 身份通过 SSH 连接到该服务器(首次运行会先交换 SSH 密钥,以便后续的 ssh/scp 调用免密码).

获取的证书,最后存放在脚本所在目录内.
