Sravan wrote:

sam wrote:

Hi,

I have changed the openssl.conf file, it got rid of the problem now. Thank you so much for the help.
Now there is another question to ask wrt the openssl.conf file.
When the following command is entered:
openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem -passout pass:hello -config /work/ssl-conf/openssl.cnf
The program prompts the user to enter countryName. The result is as follows:
Generating a 1024 bit RSA private key
................++++++
..............++++++
writing new private key to 'privkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
AU [AU]:


In the openssl.conf file, the "req_distinguished_name" section is defined as follows:

[ req_distinguished_name ]
countryName                     = AU
countryName_default             = AU
countryName_min                 = 2
countryName_max                 = 2

How can I tell openssl to assign the value of countryName (and perhaps other attributes as well after passing this step) to the final cert?



The [ req ] section of the config file contains the default info regarding a certificate request. In this section, you can have a (name, value) pair called


distinguished_name = req_distinguished_name # section containing the default values for DN

And the [ req_distinguished_name ] section can contain all the default values for the DN, like the one below

[ req_distinguished_name ]
commonName= Test User
[EMAIL PROTECTED]
organizationName=Organization
organizationalUnitName=OU
localityName=Place
stateOrProvinceName=State
countryName=IN

With this in place, when you use the "req" command, by default, the [ req_distinguished_name ] section will be referred to for the details regarding the DN.


Hi, I actually want to assign the values to the attributes under [req_distinguished_name] automatically by running that openssl command line.
I created an attribute "prompt = no" under [req]. I assumed the values would then be assigned to the attributes in [req_distinguished_name] automatically, but it failed
with the following error:
]> openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem -passout pass:hello -config /work/ssl-conf/openssl.cnf
Generating a 1024 bit RSA private key
............................................++++++
.++++++
writing new private key to 'privkey.pem'
-----
problems making Certificate Request
90575:error:0B083077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/x509name.c:285:name=countryName_min



Then I tried removing the attribute "prompt=no" under [req] to see whether manually pressing Enter at the prompts would cause a problem or not. This time it does not generate any error, and the server.pem key is created. The output is as follows:


> openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem -passout pass:hello -config /work/ssl-conf/openssl.cnf
Generating a 1024 bit RSA private key
....++++++
........................++++++
writing new private key to 'privkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
AU[]:
Melb []:
Melb []:
AT Gateway []:
AT Gateway []:
my.gateway.com []:


I don't know what makes the creation of keys fail when executing the above command without user interaction.
How can I trace where the problem occurred?


Thanks
sam
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
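
The failure in this thread, reproduced as an added example (not part of the original messages and not OpenSSL project code): with prompt = no, openssl req reads every key in [ req_distinguished_name ] as a DN field name, so prompt-style keys such as countryName_min are rejected, while plain field = value lines are accepted. The file names, the DN values (taken from the prompts shown above) and rsa:2048 in place of the thread's rsa:1024 are assumptions of the example.

```shell
#!/bin/sh
# Added example: "openssl req" with prompt = no against two constructed configs.

# write_cnf STYLE FILE: write a minimal config with the DN section in STYLE.
write_cnf() {
    {
        echo '[ req ]'
        echo 'prompt             = no'
        echo 'distinguished_name = req_distinguished_name'
        echo '[ req_distinguished_name ]'
        if [ "$1" = prompt_style ]; then
            # The section quoted in the thread: prompt text plus _default,
            # _min and _max helpers, which only make sense when prompting.
            echo 'countryName         = AU'
            echo 'countryName_default = AU'
            echo 'countryName_min     = 2'
            echo 'countryName_max     = 2'
        else
            # With prompt = no each line is "field = value" and nothing else.
            echo 'countryName      = AU'
            echo 'localityName     = Melb'
            echo 'organizationName = AT Gateway'
            echo 'commonName       = my.gateway.com'
        fi
    } > "$2"
}

# make_cert STYLE DIR: returns openssl's exit status, stderr kept in DIR/STYLE.err.
make_cert() {
    write_cnf "$1" "$2/$1.cnf"
    openssl req -new -x509 -newkey rsa:2048 -days 3650 \
        -keyout "$2/$1.key" -out "$2/$1.pem" -passout pass:hello \
        -config "$2/$1.cnf" 2> "$2/$1.err"
}

# cert_subject FILE: print the certificate subject, one attribute per line.
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline
}

# Demo run, skipped when openssl is not installed.
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    # The error text names the key that was rejected (name=...).
    make_cert prompt_style "$d" ||
        sed -n 's/.*\(name=.*\)/rejected: \1/p' "$d/prompt_style.err"
    make_cert value_style "$d" && cert_subject "$d/value_style.pem"
    rm -rf "$d"
fi
```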
