On 2 Apr 2002, Aleix Conchillo wrote:

> On Tue, 2002-04-02 at 11:50, Sarath Chandra M wrote:
> > Hi,
> > Is there a way to create certificates using openssl in a noninteractive
> > mode? All the required values (common name, email, organization, ou etc)
> > will be captured using a unix shell script and passed to openssl commands.
> > Is it possible? Any help will be highly appreciated.
> >
>
> I do it this way. There is probably a better one:
>
> openssl req -new -key prikey.pem -out req.csr < info_file
>
> where info_file is a generated file (in this case with your shell
> script) and looks like this:
>
> ------
> ES
> Your state
> Your city
> Your organization
> Your organizational unit
> Your name
> ------
>
> If you don't want to fill any of the fields just leave a blank line.

You can also just modify the .conf file to not prompt, e.g., I have something
like this in a customized version of openssl.conf:

[req]
...
prompt = no
...

[req_distinguished_name]
countryName                     = US
stateOrProvinceName             = Missouri
localityName                    = STL
organizationName                = FOO
organizationalUnitName          = BAR
commonName                      = $ENV::cert_owner
emailAddress                    = $ENV::MAILADDR


This way I'm not prompted.  commonName and emailAddress take their values
from the environment variables "cert_owner" and "MAILADDR", respectively.

If your CA private key has a passphrase, you can also use the -passin option
to provide the passphrase via a multitude of ways.

-cj

PS  BTW, I cobbled together this knowledge from docs/openssl.txt and the
various manpages (req, x509, etc.)

-- 
  Chris Cleeland, cleeland_c @ ociweb.com, http://www.milodesigns.com/~chris
     Principal Software Engineer, Object Computing, Inc., +1 314 579 0066
      Support Me Supporting Cancer Survivors in Ride for the Roses 2002
    >>>>>>>>>    Donate at http://www.milodesigns.com/donate    <<<<<<<<<

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
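
The approach from the reply above (prompt = no, $ENV:: values and a passphrase option), put together as an added example that is not part of the original thread. The names make_csr, KEY_PASS and req.cnf and the sample host and address are assumptions, and -passin is applied here to the request key rather than a CA key.

```shell
#!/bin/sh
# Added example, not from the thread. make_csr, KEY_PASS and req.cnf are
# assumed names; the fixed DN values are the ones shown in the reply.
# Usage: KEY_PASS=... make_csr OUTDIR COMMON_NAME EMAIL
make_csr() (
    : "${KEY_PASS:?KEY_PASS must hold the key passphrase}"
    [ "$#" -eq 3 ] || { echo "usage: make_csr OUTDIR CN EMAIL" >&2; exit 2; }
    outdir=$1 cert_owner=$2 MAILADDR=$3
    # OpenSSL resolves $ENV::name from the process environment, so export.
    export cert_owner MAILADDR KEY_PASS
    umask 077    # key and config readable by the owner only
    mkdir -p "$outdir" || exit 1

    # Quoted 'EOF': the shell must leave $ENV::... for OpenSSL to expand.
    cat > "$outdir/req.cnf" <<'EOF' || exit 1
[req]
prompt             = no
distinguished_name = req_distinguished_name

[req_distinguished_name]
countryName            = US
stateOrProvinceName    = Missouri
localityName           = STL
organizationName       = FOO
organizationalUnitName = BAR
commonName             = $ENV::cert_owner
emailAddress           = $ENV::MAILADDR
EOF

    # env: keeps the passphrase out of the argument list.
    openssl genrsa -aes256 -passout env:KEY_PASS \
        -out "$outdir/prikey.pem" 2048 || exit 1
    openssl req -new -config "$outdir/req.cnf" \
        -key "$outdir/prikey.pem" -passin env:KEY_PASS \
        -out "$outdir/req.csr" || exit 1

    # Verify the CSR's self-signature and print the subject it carries.
    openssl req -in "$outdir/req.csr" -noout -verify \
        -subject -nameopt RFC2253
)
```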
