mrmichalis · September 19, 2014 23:23
diff --git a/certreq.sh b/certreq.sh
 #!/bin/bash

 # aeiocsr.bash
 #http://pastebin.com/TaGAVJKw
 #
 # Script to auto-enroll an OS X 10.5 system via an AD CA's web enrollment.
 #

 # v. .2

 # 6/3/08 - The birth of a script during a very stormy night. - Joel Rennich, [email protected]

 # Note: All in bash to make Nigel cry


 # What we need to get

 # Constants

 DOMAIN_NAME="jodapro.com"
 CA_URL="http://jodapro2k3.jodapro.com/certsrv"

 ## We should really use mktemp or something here....
 KEY="/tmp/test.key"
 CSR="/tmp/test.csr"
 CRT="/tmp/test.crt"

 # Dynamics

 MACHINE_NAME="pinky"


 ## 1 - gen csr with openssl

 openssl req -new -batch -newkey rsa:2048 -nodes -keyout "${KEY}" -out "${CSR}" -subj "/CN=${MACHINE_NAME}.${DOMAIN_NAME}"

 ## 2 - get tgt

 kinit -k ${MACHINE_NAME}$

 ## 3 - curl the csr up

 # First we do some really really ugly-looking awk work to url-encode the csr
 # Later versions of curl do this for us... but we don't have that luxury.

 ENCODED_CSR=`cat ${CSR} | hexdump -v -e '1/1 "%02x\t"' -e '1/1 "%_c\n"' |
 LANG=C awk '
    $1 == "20"                      { printf("%s",      "+");   next    }
    $2 ~  /^[a-zA-Z0-9.*()\/-]$/    { printf("%s",      $2);    next    }
                                    { printf("%%%s",    $1)             }'`

 # Now to post this to the Web Enrollment page.
 # We'll need to capture the ReqID when it finishes

 REQ_ID=`curl --negotiate -u : -d CertRequest=${ENCODED_CSR} -d SaveCert=yes -d Mode=newreq -d CertAttrib=CertificateTemplate:ComputerCerts ${CA_URL}/certfnsh.asp | sed -e '/.*location="certnew.cer?ReqID=/ !d' -e 's/.*ID=//' -e 's/&.*//'`

 ## Get the cert

 curl -o ${CRT} --negotiate -u : ${CA_URL}/certnew.cer?ReqID=${REQ_ID}&Enc=b64

 ## import the certs

 ##security
	#!/bin/bash

	# aeiocsr.bash
	#http://pastebin.com/TaGAVJKw
	#
	# Script to auto-enroll an OS X 10.5 system via an AD CA's web enrollment.
	#

	# v. .2

	# 6/3/08 - The birth of a script during a very stormy night. - Joel Rennich, [email protected]

	# Note: All in bash to make Nigel cry


	# What we need to get

	# Constants

	DOMAIN_NAME="jodapro.com"
	CA_URL="http://jodapro2k3.jodapro.com/certsrv"

	## We should really use mktemp or something here....
	KEY="/tmp/test.key"
	CSR="/tmp/test.csr"
	CRT="/tmp/test.crt"

	# Dynamics

	MACHINE_NAME="pinky"


	## 1 - gen csr with openssl

	openssl req -new -batch -newkey rsa:2048 -nodes -keyout "${KEY}" -out "${CSR}" -subj "/CN=${MACHINE_NAME}.${DOMAIN_NAME}"

	## 2 - get tgt

	kinit -k ${MACHINE_NAME}$

	## 3 - curl the csr up

	# First we do some really really ugly-looking awk work to url-encode the csr
	# Later versions of curl do this for us... but we don't have that luxury.

	ENCODED_CSR=`cat ${CSR} \| hexdump -v -e '1/1 "%02x\t"' -e '1/1 "%_c\n"' \|
	LANG=C awk '
	$1 == "20" { printf("%s", "+"); next }
	$2 ~ /^[a-zA-Z0-9.*()\/-]$/ { printf("%s", $2); next }
	{ printf("%%%s", $1) }'`

	# Now to post this to the Web Enrollment page.
	# We'll need to capture the ReqID when it finishes

	REQ_ID=`curl --negotiate -u : -d CertRequest=${ENCODED_CSR} -d SaveCert=yes -d Mode=newreq -d CertAttrib=CertificateTemplate:ComputerCerts ${CA_URL}/certfnsh.asp \| sed -e '/.location="certnew.cer?ReqID=/ !d' -e 's/.ID=//' -e 's/&.*//'`

	## Get the cert

	curl -o ${CRT} --negotiate -u : ${CA_URL}/certnew.cer?ReqID=${REQ_ID}&Enc=b64

	## import the certs

	##security