Automate CSR (Certificate Signing Request) via Java Keytool with Batch and VBscript
Hi Experts!
I have a script we use to generate a CSR which is currently used manually. I'd like to be able to run this script remotely via sys management tools and use sort of an 'answer' file for info required to generate the CSR.
I guess I have a few questions. One, can I simply use batch for all of this, and what is the syntax for reading a "file.txt" and plugging in the answers? Two, is it possible to use VBScript to plug the answers in via file.txt, and can you provide a sample of this either way?
Or is there a completely different approach I should be taking?
The file.txt would exist in the same directory and its content would simply read something like this:
website.com
IT dept.
Miami
FL
US
yes
Here's what I have so far....
Title Generate CSR
@ECHO Off
Set X64_SYS="C:\Program Files (x86)"
Set SSL_DIR=C:\SSL
Set SSL_BK_DIR=C:\SSL\BKup
Set KEY_STORE=New.keystore

REM Fetch the path of the Java installation from the registry and set it as a variable
REM (on 64-bit Windows the 32-bit Java key lives under Wow6432Node)
IF EXIST %X64_SYS% (
    for /f "tokens=2*" %%a in ('reg.exe query "HKLM\SOFTWARE\Wow6432Node\Java" /v "Path" ^| find /i "Path"') do set JAVA_HOME=%%b
) ELSE (
    for /f "tokens=2*" %%a in ('reg.exe query "HKLM\SOFTWARE\Java" /v "Path" ^| find /i "Path"') do set JAVA_HOME=%%b
)
Set KTOOL="%JAVA_HOME%\bin\keytool.exe"

REM Build a YYYYMMDD stamp for the output files
REM (assumes the US "Day MM/DD/YYYY" output of DATE /T; no temp file needed)
for /f "tokens=2-4 delims=/ " %%p in ('date /t') do set THEDAY=%%r%%p%%q

REM Create the working and backup directories
if not exist %SSL_DIR% mkdir %SSL_DIR%
if not exist %SSL_BK_DIR% mkdir %SSL_BK_DIR%
cd %SSL_DIR%

ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO : Please use caution while
ECHO :
ECHO : entering SSL certificate details:
ECHO :
ECHO : EXAMPLE:
ECHO :
ECHO : First and Last Name: Website.com
ECHO :
ECHO : Organization Unit: IT Department
ECHO :
ECHO : City or Locality: City
ECHO :
ECHO : State or Province: State
ECHO :
ECHO : Country Code: US
ECHO :
ECHO : Is this information Correct?: yes
ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO :

REM Generate the key pair interactively (keytool prompts for the password and subject)
%KTOOL% -genkey -keyalg RSA -keysize 2048 -keystore %SSL_DIR%\%KEY_STORE% -alias tomcat

ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO : !!! Verify All Certs Exist !!!
ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO :
pause

REM List the keystore contents so the operator can confirm the new entry
%KTOOL% -list -keystore %SSL_DIR%\%KEY_STORE%

ECHO :
ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO : !!! Verify All Certs Exist !!!
ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO :
pause

ECHO :
ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO : Provide Password to export CSR
ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO :

REM Export the CSR and back up both the keystore and the CSR with the date stamp
%KTOOL% -certreq -keyalg RSA -file %SSL_DIR%\New-CSR-%THEDAY%.csr -keystore %SSL_DIR%\%KEY_STORE% -alias tomcat
copy %SSL_DIR%\%KEY_STORE% %SSL_BK_DIR%\CSR-EXPORTED-%THEDAY%.Keystore
copy %SSL_DIR%\New-CSR-%THEDAY%.csr %SSL_BK_DIR%\New-CSR-%THEDAY%.csr

ECHO :
ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO : Successfully Exported CSR to %SSL_DIR%
ECHO :
ECHO :::::::::::::::::::::::::::::::::::::::::::
ECHO :
ECHO :
ECHO :
pause
To answer your first question, yes, you can use input redirection to pass values to the command (keytool) as follows. Assume you have the prompt values in a file called file.txt. Please note that the password is also a prompt and needs to be entered twice to confirm, so the first two values in your file.txt will be the passwords. You can save the prompt values for creating the certificate request separately, in file2.txt.
Then your keytool commands will be:
To test this you can simply create the folder C:\SSL and create a file called New.keystore in it. Set your variable for the Java keytool manually and REM out the section that fetches it from the registry.
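The question also asks whether there is a completely different approach. There is: keytool does not have to be driven through its prompts at all. The batch script below is an added example (not code from the question or the answer above). It reads the six subject fields from answers.txt with SET /P, passes them to keytool with -dname, and reads the keystore password from a file with the :file modifier (Java 7 or later), so nothing is interactive and the password never appears on the command line, where Task Manager, "wmic process" or process-creation auditing would record it. The file names answers.txt and store.pwd, the C:\SSL paths, the tomcat alias and the US date format are assumptions carried over from the thread, not requirements of keytool.

```batch
@ECHO OFF
SETLOCAL
REM Added example, not code from the original post or the accepted answer.
REM Non-interactive CSR generation: subject via -dname, passwords via :file.
REM Assumptions: JAVA_HOME is set; answers.txt (six lines: CN, OU, O, L, ST, C)
REM and store.pwd (one line) sit beside this script; DATE /T prints the US
REM "Day MM/DD/YYYY" format, as the original script already assumes.

SET "KTOOL=%JAVA_HOME%\bin\keytool.exe"
SET "SSL_DIR=C:\SSL"
SET "KEYSTORE=%SSL_DIR%\New.keystore"
SET "ANSWERS=%~dp0answers.txt"
SET "PWFILE=%~dp0store.pwd"
SET "ALIAS=tomcat"

IF NOT EXIST "%KTOOL%" (ECHO keytool not found at "%KTOOL%" & EXIT /B 1)
IF NOT EXIST "%ANSWERS%" (ECHO answer file "%ANSWERS%" not found & EXIT /B 1)
IF NOT EXIST "%PWFILE%" (ECHO password file "%PWFILE%" not found & EXIT /B 1)
IF NOT EXIST "%SSL_DIR%" MKDIR "%SSL_DIR%"

REM Read the six subject fields. Consecutive SET /P calls inside one block
REM whose input is redirected consume consecutive lines of the file.
REM Clear the names first so a stray environment variable cannot mask a
REM missing line (SET /P leaves the variable untouched at end of file).
FOR %%V IN (CN OU O L ST C) DO SET "%%V="
< "%ANSWERS%" (
  SET /P CN=
  SET /P OU=
  SET /P O=
  SET /P L=
  SET /P ST=
  SET /P C=
)
FOR %%V IN (CN OU O L ST C) DO IF NOT DEFINED %%V SET "MISSING=1"
IF DEFINED MISSING (ECHO answers.txt must hold six non-empty lines: CN, OU, O, L, ST, C & EXIT /B 1)

FOR /F "tokens=2-4 delims=/ " %%P IN ('DATE /T') DO SET "THEDAY=%%R%%P%%Q"
SET "CSR=%SSL_DIR%\New-CSR-%THEDAY%.csr"
REM A comma inside a field (e.g. "Acme, Inc.") must be escaped as \, in a DN.
SET "DNAME=CN=%CN%, OU=%OU%, O=%O%, L=%L%, ST=%ST%, C=%C%"

REM keytool refuses to overwrite an existing alias, and issuing a second CSR
REM for a key that is already in use is rarely intended, so stop here.
"%KTOOL%" -list -alias %ALIAS% -keystore "%KEYSTORE%" -storepass:file "%PWFILE%" >NUL 2>&1
IF NOT ERRORLEVEL 1 (ECHO alias %ALIAS% already exists in "%KEYSTORE%" & EXIT /B 1)

"%KTOOL%" -genkeypair -alias %ALIAS% -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 ^
  -dname "%DNAME%" -keystore "%KEYSTORE%" -storepass:file "%PWFILE%" -keypass:file "%PWFILE%"
IF ERRORLEVEL 1 (ECHO key generation failed & EXIT /B 1)

REM Put the host name in a SAN as well: modern browsers ignore the CN.
REM (-ext on -certreq needs Java 7 or later.)
"%KTOOL%" -certreq -alias %ALIAS% -sigalg SHA256withRSA -ext "SAN=dns:%CN%" ^
  -file "%CSR%" -keystore "%KEYSTORE%" -storepass:file "%PWFILE%"
IF ERRORLEVEL 1 (ECHO CSR export failed & EXIT /B 1)

REM Back up the keystore next to the CSR: without this private key the
REM certificate the CA returns is useless.
IF NOT EXIST "%SSL_DIR%\BKup" MKDIR "%SSL_DIR%\BKup"
COPY /Y "%KEYSTORE%" "%SSL_DIR%\BKup\CSR-EXPORTED-%THEDAY%.keystore" >NUL
ECHO CSR written to "%CSR%"
ENDLOCAL
EXIT /B 0
```

Because the password now lives in store.pwd, that file needs an NTFS ACL that only the account running the script can read; with the password out of the command line and out of the answer file, answers.txt itself contains nothing sensitive and can be pushed around by the systems-management tool freely.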
Sweet! That worked like a charm, but I have a question... why do the first 2 lines have to be the password? When you run the command manually, it only prompts once for the password, so I'm wondering why the answer file needs it on both lines?
But there shouldn't be a 'new' password at the beginning... again, running the command manually, it only asks for a password once to get into the keystore... but what's weird is that if I don't list the password twice (first two lines of file.txt) then it doesn't work....
I think I answered my own question... the reason is that the answer file (file.txt) was missing a line for the company name (O after OU) and was taking the 2nd password as the first prompt after the password... I figured this out by removing the @echo off... works great... and now the password is only needed once on the first line.
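The prompt order is the whole game with the stdin approach, and there is one more detail behind the two-password question above: keytool asks "Enter keystore password:" and then "Re-enter new password:" only when the keystore file does not exist yet; an existing keystore gets a single password prompt. After the password come first and last name (CN), organizational unit (OU), organization (O), city (L), state (ST), country code (C), the "Is ... correct?" confirmation, and finally the key password for the alias, where an empty line means "same as the keystore password". The script below is an added example (not code from the thread) that keeps the redirected-input technique from the accepted answer but builds the stream to match whichever case applies, and refuses to run unless the answer file has exactly six subject lines, which is the mistake the thread tripped over. answers.txt, store.pwd, C:\SSL and the tomcat alias are assumed names.

```batch
@ECHO OFF
SETLOCAL
REM Added example, not code from the original thread: feed keytool's prompts
REM from an answer file, building the stream in the order keytool asks.
REM Assumptions: JAVA_HOME is set; answers.txt holds exactly six lines
REM (CN, OU, O, L, ST, C) and store.pwd one line, both beside this script.
REM The password must not contain cmd metacharacters such as & | < > ^ ( ).

SET "KTOOL=%JAVA_HOME%\bin\keytool.exe"
SET "SSL_DIR=C:\SSL"
SET "KEYSTORE=%SSL_DIR%\New.keystore"
SET "ANSWERS=%~dp0answers.txt"
SET "PWFILE=%~dp0store.pwd"
SET "STREAM=%TEMP%\keytool-answers-%RANDOM%.txt"
SET "ALIAS=tomcat"

IF NOT EXIST "%KTOOL%" (ECHO keytool not found at "%KTOOL%" & EXIT /B 1)
IF NOT EXIST "%ANSWERS%" (ECHO answer file "%ANSWERS%" not found & EXIT /B 1)
IF NOT EXIST "%PWFILE%" (ECHO password file "%PWFILE%" not found & EXIT /B 1)
IF NOT EXIST "%SSL_DIR%" MKDIR "%SSL_DIR%"

REM A missing or extra subject line shifts every later answer onto the wrong
REM prompt (the thread's file lacked the O line, so the second password was
REM swallowed as the CN). Insist on exactly six lines before touching anything.
FOR /F %%N IN ('TYPE "%ANSWERS%" ^| FIND /C /V ""') DO SET "LINES=%%N"
IF NOT "%LINES%"=="6" (ECHO answers.txt must contain exactly 6 lines, found %LINES% & EXIT /B 1)

< "%PWFILE%" SET /P PW=
IF NOT DEFINED PW (ECHO store.pwd is empty & EXIT /B 1)

REM Build the answer stream in prompt order:
REM   keystore password
REM   re-enter password        only for a NEW keystore
REM   CN, OU, O, L, ST, C      the six lines of answers.txt
REM   yes                      "Is CN=..., OU=..., ... correct?"
REM   (empty line)             key password: RETURN = same as keystore password
(
  ECHO %PW%
  IF NOT EXIST "%KEYSTORE%" ECHO %PW%
  FOR /F "usebackq delims=" %%L IN ("%ANSWERS%") DO ECHO %%L
  ECHO yes
  ECHO.
) > "%STREAM%"

< "%STREAM%" "%KTOOL%" -genkeypair -alias %ALIAS% -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keystore "%KEYSTORE%"
SET "RC=%ERRORLEVEL%"
REM The stream file holds the keystore password; remove it at once.
REM (-storepass:file, available from Java 7, avoids writing it out at all.)
DEL /F /Q "%STREAM%"
IF NOT "%RC%"=="0" (ECHO key generation failed & EXIT /B 1)

REM -certreq on the now-existing keystore asks for the password exactly once.
REM Pipe it from a parenthesised ECHO: "ECHO %PW% |" with a space before the
REM bar would append a trailing blank to the password.
(ECHO %PW%) | "%KTOOL%" -certreq -alias %ALIAS% -sigalg SHA256withRSA -file "%SSL_DIR%\New-CSR.csr" -keystore "%KEYSTORE%"
IF ERRORLEVEL 1 (ECHO CSR export failed & EXIT /B 1)

ECHO CSR written to "%SSL_DIR%\New-CSR.csr"
ENDLOCAL
EXIT /B 0
```

Running it once against an empty C:\SSL produces the two-password stream; running it again against the keystore it just created produces the one-password stream, which is exactly the difference between the manual test on an existing keystore and the first scripted run against a fresh one.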