> - Am I correct that the only way to do this is to put the various
> values into openssl.cfg? Or is there a way to pass them on the
> command line?
You can use the ENV:: construct to read them from the environment.
> - If I have to use the config file, is there any way to specify
> two config files (the default and the one with the CSR data)?
You can have one config with basically *just* the CSR, and then use the
"main" openssl config file for the ca command (to sign things).
> - If not, is there some documentation on the minimum information
> needed in the config file to create a CSR, so that I can create a
> basic one rather than replicating every field in the default file?
I'm attaching a shar file file of the scripts I've used a couple of times.
They create a PKI hierarchy and generate certs for signature and SSL. I
also generated the keypairs, since this stuff was only used on for
conference demo's, and it was easier and quicker this way. The scripts,
written in classic unix shell, show several of the above techniques.
/r$
--
SOA Appliances
Application Integration Middleware
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
