I found my error. I forgot to wait until openssl command completed before
exiting expect. I added "expect eof" when sequence of commands was done and
everything worked. I originally exited as soon as I enter the pass phrases.
Therefore, to automate signing a request I used the following script
#!/usr/bin/expect -f
log_user 0
spawn CA.sh -sign
expect "PEM pass phrase:"
send "$capassword\n"
expect "Certificate ?"
send "y\r"
expect ""commit?"
send "y\r"
expect eof
-----Original Message-----
From: Dr Stephen Henson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, August 16, 1999 6:07 PM
Subject: Re: openssl pkcs12 and Expect
>Arend van der Veen wrote:
>>
>> Hi,
>>
>> I am using Expect to automate certificate generation. The last step
>> involves exporting the certificate into pkc212 format. Everything works
>> great when I type the commands directly. However, when I execute the
>> command in Expect the output file has zero length.
>>
>> The format of the command is:
>>
>> spawn openssl pkcs12 -export -in newcert.pem -inkey newkey.pem -name
>> "Certificate Name" -certfile cacert.pem -out newcert.p12
>> expect "PEM pass phrase:"
>> send "password\r"
>> expect "Export Password:"
>> send "password\r"
>> expect "Export Password:"
>> send "password\r"
>>
>> No error is generated but newcert.p12 usually is zero length. I am using
>> other openssl commands successfully in Expect.
>>
>> Has anybody elso ran into this problem with openssl and the pkcs12
command ?
>>
>
>Hmmm. Can you handle passwords with other utilities like 'rsa'. OpenSSLs
>password prompting is a bit unusual.
>
>In the case of the PKCS#12 utility you can also use two other options to
>include the password on the command line. If you do:
>
>-envpass PASSENV
>
>then it takes the password from the PASSENV environment variable.
>Alternatively you can do:
>
>-password pass
>
>to include the password on the command line. WARNING process utilities
>like 'ps' can be used to view the password on some platforms (e.g.
>typical Unix).
>
>Steve.
>--
>Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
>Personal Email: [EMAIL PROTECTED]
>Senior crypto engineer, Celo Communications: http://www.celocom.com/
>Core developer of the OpenSSL project: http://www.openssl.org/
>Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
