On Tue, 8 Mar 2005 20:53:17 -0800 "Ted Mittelstaedt" <[EMAIL PROTECTED]> wrote > How about creating a config file that does not have the CN and > emailAddress > fields? Well, thanks for the suggestion. Quoting from below, > > I tried commenting out the CN and emailAddress lines in the > > configuration file, but now verifying gives me the following: > > > > The commonName field needed to be supplied and was missing And if I changed the common name to optional, their were no complaints, but the verify showed that the common name didn't make it in. Commenting them out shouldn't be different from actually removing them, I would think? > Ted > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Joel > > Sent: Tuesday, March 08, 2005 6:02 PM > > To: openssl-users@openssl.org > > Subject: configuration file seems to have priority over command line? > > > > > > I have the following in the coniguration file: > > > > [ req ] > > {...} > > prompt = no > > {...} > > [ req_distinguished_name ] > > C = JP > > ST = Hyogo > > CN = example > > emailAddress = [EMAIL PROTECTED] > > > > and I try this on the command line: > > > > openssl req -new -newkey rsa:2048 -nodes -out > > herbie9_request.pem -subj > > "/CN=herbie9/[EMAIL PROTECTED]" -keyout > > herbie9.key -config d:\data\weiss_ca\bin\weiss_user_openssl.cfg -batch > > > > The result is that common name gets set to "example" and > > emailAddress to > > "[EMAIL PROTECTED]" instead of the values I'm trying to pass through the > > -subj option on the command line. > > > > I tried commenting out the CN and emailAddress lines in the > > configuration file, but now verifying gives me the following: > > > > The commonName field needed to be supplied and was missing > > > > For now, I suppose I can resort to building a template file on the fly. > > I don't much care to build template files with MS-DOS batch files, but > > this should be fairly straightforward. (Boss does not want to install > > perl on MSWxx.) > > > > Is there some way to make the -subj on the command line override the > > contents of the configuration file? > > > > -- > > Joel Rees <[EMAIL PROTECTED]> > > digitcom, inc. 株式会社デジコム > > Kobe, Japan +81-78-672-8800 > > ** <http://www.ddcom.co.jp> ** > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] -- Joel Rees <[EMAIL PROTECTED]> digitcom, inc. 株式会社デジコム Kobe, Japan +81-78-672-8800 ** <http://www.ddcom.co.jp> ** ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
