Hi,

I've been wrestling with this for a couple of weeks and I'm not sure what I'm doing wrong. I'm writing a script that will eventually sign several certificate signing requests (CSRs) using openssl. But for now, I can't get it to sign a single one.

Here are the beginning and the signing portions of the script as they are now. Instead of using an argument to input the passphrase, I'm defining it in a variable and have it printed out to prove that perl is getting the passphrase OK.

************************************************** *** 

#!/usr/bin/perl
 
use Expect;
use IO::Socket;
use strict;
use warnings;

$Expect::Exp_Internal = 1; # for debugging...

my $pass = "pa\$\$sphrase\n";
print "$pass";
 
############################
# on to the signing portion...
############################
 
print "\nAttempting to sign $csr to $crt...\n\n";
 
my $sign_command = system ("openssl x509 -CA CA.crt -CAkey CA.key -req
+ -CAserial CA.srl -req -in $csr -out $crt -days 1825");
 
my $enter = ("Enter pass phrase for CA.key:");
 
my $exp = new Expect;
$exp->exp_internal(1); 
$exp->debug(3);
$exp->raw_pty(0);
$exp->spawn($sign_command)
    or die "Cannot spawn sign_command.\n";
 
$exp->match("$enter");
$exp->send ("$pass\r");
$exp->soft_close();
 
print "\n$csr successfully signed into $crt\n";

[download]

********************************************

But this is as far as the script goes when run:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

pa$$phrase
 
Attempting to sign good.csr to good.crt...
 
Signature ok
subject=/C=US/ST=State/O=MyCompany LLC/CN=internal.domain.company.com
Getting CA Private Key
Enter pass phrase for CA_NSO.key:

[download]

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

...and that's as far as it gets. Either the $exp->match isn't right or $exp->send isn't really sending. Debug isn't telling me anything and sticking in print statements between the $exp statements doesn't print anything because it's in the middle of an openssl session (at least that's what I think). Is there a way that I can narrow down if expect is even looking for a match or not sending the passphrase?

Thanks,

-Sean

In reply to signing SSL certs with openssl using Expect by seanovision

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.