How about creating a config file that does not have the CN and
emailAddress
fields?
Ted
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Joel
> Sent: Tuesday, March 08, 2005 6:02 PM
> To: openssl-users@openssl.org
> Subject: configuration file seems to have priority over command line?
>
>
> I have the following in the coniguration file:
>
> [ req ]
> {...}
> prompt = no
> {...}
> [ req_distinguished_name ]
> C = JP
> ST = Hyogo
> CN = example
> emailAddress = [EMAIL PROTECTED]
>
> and I try this on the command line:
>
> openssl req -new -newkey rsa:2048 -nodes -out
> herbie9_request.pem -subj
> "/CN=herbie9/[EMAIL PROTECTED]" -keyout
> herbie9.key -config d:\data\weiss_ca\bin\weiss_user_openssl.cfg -batch
>
> The result is that common name gets set to "example" and
> emailAddress to
> "[EMAIL PROTECTED]" instead of the values I'm trying to pass through the
> -subj option on the command line.
>
> I tried commenting out the CN and emailAddress lines in the
> configuration file, but now verifying gives me the following:
>
> The commonName field needed to be supplied and was missing
>
> For now, I suppose I can resort to building a template file on the fly.
> I don't much care to build template files with MS-DOS batch files, but
> this should be fairly straightforward. (Boss does not want to install
> perl on MSWxx.)
>
> Is there some way to make the -subj on the command line override the
> contents of the configuration file?
>
> --
> Joel Rees <[EMAIL PROTECTED]>
> digitcom, inc. 株式会社デジコム
> Kobe, Japan +81-78-672-8800
> ** <http://www.ddcom.co.jp> **
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
