I am trying to automate the installation of certificate(s):q! in jboss server. i wrote this rudimentary script:
#!/usr/bin/expect
set Temp_Dir "/tmp/install"
set jboss_sec "/opt/jboss/security"
set jboss_prof "/opt/jboss/profiles/CLOUD_0000"
set fokp [open "/tmp/install/keystore.pw" r]
set frkp [read $fokp]
spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/'Symantec_Class_3_Secure_Server_CA_-_G4.cer' -alias Symantec
expect { "Enter keystore password\r" { send "$frkp\r" }}
expect { "Owner\r" { send "yes\r" } eof }
spawn sudo keytool -import -keystore $jboss_sec/server_keystore.jks -file $Temp_Dir/mqcert/TRMISMQtestSwifNetCertauth.cer -alias TRMISMQtestSwifNetCertauth
expect { "Enter keystore password\r" { send "$frkp\r" }}
expect { "Trust this certificate?\r" { send "yes\r" } eof }
Output::
cloud-user@jboss-vm1-98ojcp:~ $ ./Step3-tcl-script.sh
spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/'Symantec_Class_3_Secure_Server_CA_-_G4.cer' -alias Symantec
Enter keystore password: spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/TRMISMQtestSwifNetCertauth.cer -alias TRMISMQtestSwifNetCertauth
Enter keystore password: (DEV) cloud-user@jboss-vm1-98ojcp:~ $
And the cerfitcates are not installing because its not going for second expect where it is asking for "Trust this certificate?"
If i run the command manually
cloud-user@jboss-vm1-98ojcp:/tmp/install/mqcert $ sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file Symantec_Class_3_Secure_Server_CA_-_G4.cer -alias Symantec
Enter keystore password:
Owner: CN=Symantec Class 3 Secure Server CA - G4, OU= Trust Network, O= Corporation, C=US
Issuer: CN= Public Primary Certification Authority - G5, OU="(c) 2006 - For authorized use only", OU=Trust Network, C=US
Serial number: 513fb9743870b734404
Valid from: Wed Oct 30 20:00:00 EDT 2013 until: Mon Oct 30 19:59:59 EDT 2023
Certificate fingerprints:
MD5: 23:D5:85:F7:26:C5
SHA1: FF:E1:8B:CC:E1:D7:0F:DA:BD:7C:86:61:35
SHA256: EA::98:D0:F0:D6:A9:CF:17
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://s2.symcb.com
]
]
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7F D3 65 A7 F3 43 39 FA 02 ..e......0..C9..
0010: AF 33 31 33 .313
]
]
#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://s.crl]
]]
#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 2F 77 77 77 2E 73 79 6D ..http://www.sym
0010: 61 75 74 68 2E 63 6F 6D 2F 63 70 73 auth.com/cps
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 303 0...http://www.s
0010: 79 6D 61 75 74 68 2E 63 6F 6D 2F 72 70 61 ymauth.com/rpa
]] ]
]
#6: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#7: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
CN=PKI-1-534
]
#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
00: 5F 60 CF 61 90 55 DF 84 60 2A B2 F5 7A _`.a.U..C..`*..z
00: F4 4 EF .C..
]
]
Trust this certificate? [no]: no
Certificate was not added to keystore
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /opt/jboss/security/server_keystore.jks -destkeystore /opt/jboss/security/server_keystore.jks -deststoretype pkcs12".
Am i doing any mistake in anywhere?