3

I am using Fabric to automate SSL creation, but when I run something like

local('openssl genrsa  -out /etc/ssl/'+hostname+'/'+hostname+'.key 2048')

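it prompts me for country, state, email address, etc. Is there something I can do (possibly with an openssl.cnf?) to prevent the need for user input at those prompts, or do people usually just hack around it with something like expect?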

Update:

If I put prompt=no in my openssl.cnf, cd to /ssdhome/development/server, and then run:

sudo openssl req -new -key './server.key' -out './server.csr' -config='./openssl.cnf'

openssl prints the help information instead of running the command above. Where am I going wrong?

Update 2: -config should not have an '=' sign, but a space. Solved. Also linking to the copy of openssl.cnf I used to get it working:

https://help.ubuntu.com/community/OpenSSL

4

2 Answers

2

See How to answer to prompts automatically with python fabric?

from ilogue.fexpect import expect, expecting, run

def sample():

    private_key = "password"
    hostname = "ubuntu"
    output_dir = '/etc/ssl/' + hostname
    prompts = []
    prompts += expect('Enter pass phrase for private.key:',private_key)
    # The pattern must contain only the text openssl prints, not the answer.
    prompts += expect('Verifying - Enter pass phrase for private.key:',private_key)
    prompts += expect('Enter pass phrase for %s/server.key:' % output_dir, private_key)
    prompts += expect('Country Name \(2 letter code\) \[AU\]:','AU')
    prompts += expect('State or Province Name \(full name\) \[Some-State\]:','State')
    prompts += expect('Locality Name \(eg, city\) \[\]:','City')
    prompts += expect('Organization Name \(eg, company\) \[Internet Widgits Pty Ltd\]:','Company')
    prompts += expect('Organizational Unit Name \(eg, section\) \[\]:','Section')
    prompts += expect('Common Name \(e.g. server FQDN or YOUR name\) \[\]:','FQDN')
    prompts += expect('Email Address \[\]:','email@foo.com')
    prompts += expect('A challenge password \[\]:','challenge_password')
    prompts += expect('An optional company name \[\]:','optional_company')

    with expecting(prompts):
        run('openssl genrsa -des3 -out %s/server.key 2048' % output_dir)
        run('openssl req -new -key %s/server.key -out %s/server.csr' % (output_dir, output_dir))

# fab sample -H localhost

The regular expression is applied to expect(), so you need to escape [, ], (, ) ...

Answered 2013-07-22T15:54:54.827
1

Thanks to user alecxe, using https://help.ubuntu.com/community/OpenSSL with prompt=no and -config ./openssl.cnf stopped it throwing errors and automated the prompts.

Answered 2013-07-22T00:47:23.527
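
The prompt=no approach from the answer above, as an added example that is not part of the original posts. The function names, the directory layout and every subject value are constructed placeholders. With prompt = no, the distinguished_name section must hold the field values themselves.

```shell
#!/bin/sh
# Added example: non-interactive key + CSR generation with prompt = no.
# All names and subject values below are constructed placeholders.

# make_csr DIR CN : writes DIR/openssl.cnf, DIR/server.key, DIR/server.csr
make_csr() {
    dir=$1
    cn=$2
    mkdir -p "$dir" || return 1
    # With prompt = no, the distinguished_name section holds the values
    # directly, not prompt texts and *_default entries.
    cat > "$dir/openssl.cnf" <<EOF
[ req ]
prompt             = no
default_md         = sha256
distinguished_name = req_dn

[ req_dn ]
C            = US
ST           = Example State
L            = Example City
O            = Example Org
CN           = $cn
emailAddress = admin@$cn
EOF
    # The key is unencrypted (no -des3), so create it owner-only.
    ( umask 077 && openssl genrsa -out "$dir/server.key" 2048 ) 2>/dev/null || return 1
    # -config takes a space, not '='. stdin is /dev/null, so a prompt
    # would fail the run instead of hanging the automation.
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -config "$dir/openssl.cnf" </dev/null || return 1
}

# csr_subject FILE : checks the CSR self-signature, then prints its subject
csr_subject() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    openssl req -in "$1" -noout -subject
}
```

From Fabric, the same commands can be passed to local() or run() once the config file is in place.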