I've been wrestling with this for a few days and I'm not sure what I'm doing wrong. I'm writing a script that will eventually sign several certificate signing requests (CSRs) using openssl. But for now, I can't get it to sign a single one.
Here are the beginning and the signing portions of the script as they are now. Instead of using an argument to input the passphrase, I'm defining it in a variable and have it printed out to prove that perl is getting the passphrase OK.
```perl
#!/usr/bin/perl
use Expect;
use IO::Socket;
use strict;
use warnings;
my $pass = "pa\$\$sphrase\n";
print "$pass";
############################
# on to the signing.....
############################
print "\nAttempting to sign $csr to $crt...\n\n";
my $sign_command = system ("openssl x509 -CA CA.crt -CAkey CA.key -req -CAserial CA.srl -req -in $csr -out $crt -days 1825");
my $enter = ("Enter pass phrase for CA.key:");
my $exp = new Expect;
$exp->debug(2);
$exp->raw_pty(0);
$exp->spawn($sign_command)
    or die "Cannot spawn sign_command.\n";
$exp->match("$enter");
$exp->send ("$pass\r");
$exp->soft_close();
print "\n$csr successfully signed into $crt\n";
```
```
pa$$phrase
Attempting to sign good.csr to good.crt...
Signature ok
subject=/C=US/ST=State/O=MyCompany LLC/CN=internal.domain.company.com
Getting CA Private Key
Enter pass phrase for CA_NSO.key:
```
...and that's as far as it gets. Either the $exp->match isn't right or $exp->send isn't really sending. Debug isn't telling me anything and sticking in print statements between the $exp statements doesn't print anything because it's in the middle of an openssl session (at least that's what I think). Is there a way that I can narrow down if expect is seeing match or not sending the passphrase?
Thanks,
-Sean
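
An added example (not part of the original post) of one way to see whether Expect matched the prompt: openssl is spawned by Expect itself rather than run through system(), and the values returned by expect() are checked with exp_internal tracing switched on. The CA_PASS environment variable is an assumption made for this example; the file names are the ones shown in the post.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. File names are the ones shown in the
# post; CA_PASS is a hypothetical environment variable for the passphrase.
use strict;
use warnings;
use Expect;

my ($csr, $crt) = ('good.csr', 'good.crt');
my $pass = $ENV{CA_PASS} // die "Set CA_PASS to the CA key passphrase\n";

# Pass the command as a list so Expect runs it on a pty itself; nothing is
# executed by system() beforehand and no shell parses the arguments.
my @cmd = ('openssl', 'x509', '-req', '-CA', 'CA.crt', '-CAkey', 'CA.key',
           '-CAserial', 'CA.srl', '-in', $csr, '-out', $crt, '-days', '1825');

my $exp = Expect->new;
$exp->exp_internal(1);   # trace every pattern-match attempt on STDERR
$exp->log_stdout(0);     # keep openssl's own output out of the trace
$exp->spawn(@cmd) or die "Cannot spawn openssl: $!\n";

# expect() blocks until a pattern matches or the timeout expires. In list
# context it returns the index of the matched pattern (undef if none), an
# error string, the matched text, and the output seen before the match.
my ($idx, $err, $matched, $before) =
    $exp->expect(15, '-re', 'Enter pass phrase for .*:');

if (!defined $idx) {
    # $err reports a timeout or EOF; $before is what openssl printed instead.
    die "Prompt not seen ($err). Output so far:\n" . ($before // '') . "\n";
}
print STDERR "Matched prompt: '$matched'\n";

$exp->send("$pass\n");       # one newline only, as if Enter was pressed
$exp->expect(30);            # no patterns: wait for openssl to exit (EOF)
$exp->soft_close();

my $status = $exp->exitstatus;
die "openssl failed, wait status " . ($status // 'unknown') . "\n"
    if !defined $status || $status != 0;
print "$csr signed into $crt\n";
```

openssl x509 also accepts a `-passin` option (for example `-passin env:CA_PASS`), which supplies the passphrase without a prompt and removes the need for Expect.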