Here is an OpenSSL command that I have had success with in the
past.
 
openssl req -new -out certreq.pem \
  -subj '/C=US/ST=Arizona/L=City/O=Organization/CN=My Common Name' \
  -passout pass:password
 
Of course, this certificate request needs to be signed by the CA to
become a valid certificate.
 
openssl ca -batch -keyfile cakey.pem -cert cacert.pem -key password \
  -out cert.pem -infiles certreq.pem
 
Note: The use of the -key option may not be a good idea, as it bares the
Root Key password in cleartext. Similarly, the use of the -passout
option in the first command bares the new private key password
(corresponding to the new certificate). While this is not as big of
a deal as revealing the Root Key password, it is still a risk. However,
this method allows one to create a certificate without input on the
command line. If either of these options is left out, OpenSSL will prompt
you to type in the password.
 
Also, any options that are not explicitly set via command line options
(key length and algorithm, message digest, etc...) will be obtained from
the config file.  You can also go the other way with this and put all of
the settings in the configuration file (passwords, subj, etc...).
 
Hope this helps.
 

Ryan G Smith
General Dynamics C4 Systems West (GDC4S West)
8220 E. Roosevelt
Scottsdale, AZ 85257
Office: (480) 441-0708
[EMAIL PROTECTED]
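
The note in the message above points out that -key and -passout pass: put pass phrases on the command line. The following is an added example, not part of the original message, of the same unattended request-and-sign flow with the pass phrases read from owner-only files through OpenSSL's file: pass phrase source; the throwaway CA, the config file demo.cnf, the file names and the pass phrases are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original message). Every file name, subject
# and pass phrase here is constructed; the CA is a throwaway in a temp dir.
issue_demo_cert() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" && umask 077 &&            # keys and pass files owner-only
        printf '%s\n' 'demo-ca-passphrase'   > ca.pass &&
        printf '%s\n' 'demo-leaf-passphrase' > leaf.pass &&
        mkdir newcerts && : > index.txt && echo 01 > serial &&
        cat > demo.cnf <<'EOF' &&
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
default_md = sha256
default_days = 30
policy = policy_any
[ policy_any ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
        # Throwaway CA key and self-signed certificate.
        openssl req -new -x509 -config demo.cnf -extensions v3_ca \
            -newkey rsa:2048 -keyout cakey.pem -out cacert.pem \
            -subj '/CN=Demo CA' -passout file:ca.pass 2>/dev/null &&
        # CSR: same -subj as the message, pass phrase from a file, not pass:.
        openssl req -new -config demo.cnf -newkey rsa:2048 -keyout key.pem \
            -out certreq.pem -passout file:leaf.pass 2>/dev/null \
            -subj '/C=US/ST=Arizona/L=City/O=Organization/CN=My Common Name' &&
        # Sign: -passin file: replaces "-key password" on the command line.
        openssl ca -batch -config demo.cnf -keyfile cakey.pem -cert cacert.pem \
            -passin file:ca.pass -out cert.pem -infiles certreq.pem 2>/dev/null &&
        openssl verify -CAfile cacert.pem cert.pem >/dev/null &&
        openssl x509 -noout -subject -in cert.pem
    )
    rc=$?; rm -rf "$d"; return $rc
}
issue_demo_cert
```

OpenSSL also accepts env:VAR, fd:N and stdin as pass phrase sources for -passin and -passout, which keep the value out of the argument list in the same way.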


 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Urjit Gokhale
Sent: Wednesday, August 08, 2007 6:11 AM
To: openssl-users@openssl.org
Subject: Automated certificate creation


Hi,
 
While creating certificate requests using openssl, one is prompted for
some information like Country name, State, Locality name etc.
Though these parameters have defaults set, one has to hit return to move
ahead.
 
Is there a way to achieve this without being prompted for any
information (either by using default values, or making the appropriate
values in some file)?
I believe this can be done through some script, but I was just wondering
if such a script already exists.
Any hint towards achieving this will be highly appreciated.
 
thank you,
~ Urjit
