I've done this before, but for the life of me I can't remember the right
options in the openssl.cnf file.. And, unfortunately, when I upgraded to
openssl 0.9.5a a while back, it overwrote my openssl.cnf file.. of
course, I didn't discover this until today. :(

I used to generate my certificates via the following script:
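
#!/bin/sh
# Require the output certificate file name as the only argument.
if [ "x$1" = "x" ]; then
    echo
    echo "Usage: $0 <certificate_file_name>"
    echo
    exit;
fi

ssldir=/usr/bin
conf=/etc/openssl.cnf
certs_dir=/etc/ssl/certs
cert=$1

# Self-signed certificate; key and certificate go into the same file.
$ssldir/openssl req -new -x509 -days 365 -config $conf \
    -out $certs_dir/$cert -keyout $certs_dir/$cert

# Append DH parameters to the same file.
$ssldir/openssl gendh -rand \
    `test -c /dev/urandom && echo /dev/urandom` 512 >> $certs_dir/$cert

# Show subject, validity dates and fingerprint of the result.
$ssldir/openssl x509 -subject -dates -fingerprint -noout \
    -in $certs_dir/$cert

# The file holds the private key, so restrict it to the owner.
chmod 600 $certs_dir/$cert
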
It still generates the proper certificates, but, when processing the
"openssl req" line, it immediately prompts me for a pass phrase. How
can I set up my openssl.cnf file in such a way as to avoid it asking for
the pass phrase?
The certificates I am currently using don't have the passphrase
requirement (thankfully) specifically because these certificates are
being served from a server. I'm using them with apps like stunnel to
wrap IMAP and POP, as well as with apache to allow for HTTPS...
I'm not an active member of the list, but, after exhausting all
resources (previous places of employment, backups that didn't go back
far enough, on-line FAQ, etc), I thought I would try sending this in to
the list.. I'm sure it is a simple flag somewhere, but I'm giving
myself a headache trying to remember what it was....
Thanks for your help!
-Rich
--
Richard West mailto:[EMAIL PROTECTED]
Sr. Systems Administrator
DivaTV Systems - Princeton, NJ http://www.divatv.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
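
Added example, not part of the original post or of the OpenSSL distribution: setting `encrypt_key = no` in the `[ req ]` section of the config (the config-file equivalent of the `-nodes` command-line flag) stops `openssl req` from prompting for a pass phrase. The config contents, the CN value and the function names below are constructed for illustration.

```shell
#!/bin/sh
# Added example. Config values and paths are constructed, not the poster's.

# write_conf FILE: minimal request config. encrypt_key = no leaves the
# private key unencrypted, so openssl req never asks for a pass phrase.
write_conf() {
    cat > "$1" <<'EOF'
[ req ]
default_bits       = 2048
encrypt_key        = no
prompt             = no
distinguished_name = dn

[ dn ]
CN = mail.example.test
EOF
}

# key_is_encrypted FILE: succeeds if a PEM private key in FILE is
# passphrase-protected (PKCS#8 or traditional PEM encryption headers).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# make_cert CONF OUT: key and self-signed certificate in one file, as in
# the script from the post. The umask makes the file owner-only from the
# moment it is created, since permissions are the key's only protection.
make_cert() {
    ( umask 077
      openssl req -new -x509 -days 365 -config "$1" \
          -out "$2" -keyout "$2" ) 2>/dev/null
}

# Demonstration in a throwaway directory.
tmp=$(mktemp -d) && write_conf "$tmp/req.cnf" &&
    make_cert "$tmp/req.cnf" "$tmp/server.pem" &&
    if key_is_encrypted "$tmp/server.pem"; then
        echo "private key is encrypted"
    else
        echo "private key is NOT encrypted (no pass phrase needed at startup)"
    fi
rm -rf "$tmp"
```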