Hi, I am using openssl 0.96 on redhat 7.1.
I am trying to write a script to generate CERTs for me, since I have hundreds of servers to generate certs for. Because of this I want to use the prompt=no option for the openssl config file. However I have multiple CN entries in my config file and I am not sure how this translates to the "Prompt=no" format of the config file, since the "prompt=no" takes a different config file format. This is my original config file format (excerpt only): [ req ] default_bits = 1024 distinguished_name = req_DN [ req_DN ] 0.countryName = "1. Country Name (2 letter code)" 0.countryName_min = 2 0.countryName_max = 2 0.countryName_default = US 0.stateOrProvinceName = "2. State or Province Name (full name) " 0.stateOrProvinceName_default = Los Angeles 0.localityName = "3. Locality Name (city name) " 0.localityName_default = California 0.organizationName = "4. Organization Name (company name) " 0.organizationName_default = ZakDen 0.organizationalUnitName = "5. Organizational Unit Name (department) " 0.organizationalUnitName_default = IT Department 0.commonName = "6. Common Name (real fqdn) " 0.commonName_max = 64 0.commonName_default = imap.zakden.com 1.commonName = "6. Common Name (real fqdn) " 1.commonName_max = 64 1.commonName_default = mail.zakden.com 2.commonName = "6. Common Name (real fqdn) " 2.commonName_max = 64 2.commonName_default = smtp.zakden.com and below you can see what currently I have for my "prompt=no" version of the file: (note: I have tried SEVERAL different ways.. NONE of them works) Does anyone know the correct syntax when dealing with multiple CNs in a "prompt=no" scenario? Thank you. Zachary. First try: --------- [ req ] default_bits = 1024 distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] C = US ST = Los Angeles L = California O = ZakDen OU = IT Department CN = imap.zakden.com CN = mail.zakden.com CN = smtp.zakden.com emailAddress = [EMAIL PROTECTED] Second Try: ----------- [ req ] default_bits = 1024 distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] C = US ST = Los Angeles L = California O = ZakDen OU = IT Department CN.1 = imap.zakden.com CN.2 = mail.zakden.com CN.3 = smtp.zakden.com emailAddress = [EMAIL PROTECTED] Third Try: ---------- [ req ] default_bits = 1024 distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] C = US ST = Los Angeles L = California O = ZakDen OU = IT Department CN = @cnlist emailAddress = [EMAIL PROTECTED] [ cnlist ] CN.1=imap.zakden.com CN.2=mail.zakden.com CN.3=smtp.zakden.com __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]