Hi,
I am using openssl 0.96 on redhat 7.1.
I am trying to write a script to generate CERTs for
me, since I have hundreds of servers to generate certs
for. Because of this I want to use the prompt=no
option for the openssl config file. However I have
multiple CN entries in my config file and I am not
sure how this translates to the "Prompt=no" format of
the config file, since the "prompt=no" takes a
different config file format.
This is my original config file format (excerpt only):
[ req ]
default_bits = 1024
distinguished_name = req_DN
[ req_DN ]
0.countryName = "1. Country Name
(2 letter code)"
0.countryName_min = 2
0.countryName_max = 2
0.countryName_default = US
0.stateOrProvinceName = "2. State or
Province Name (full name) "
0.stateOrProvinceName_default = Los Angeles
0.localityName = "3. Locality Name
(city name) "
0.localityName_default = California
0.organizationName = "4. Organization
Name (company name) "
0.organizationName_default = ZakDen
0.organizationalUnitName = "5. Organizational
Unit Name (department) "
0.organizationalUnitName_default = IT Department
0.commonName = "6. Common Name
(real fqdn) "
0.commonName_max = 64
0.commonName_default = imap.zakden.com
1.commonName = "6. Common Name
(real fqdn) "
1.commonName_max = 64
1.commonName_default = mail.zakden.com
2.commonName = "6. Common Name
(real fqdn) "
2.commonName_max = 64
2.commonName_default = smtp.zakden.com
and below you can see what currently I have for my
"prompt=no" version of the file:
(note: I have tried SEVERAL different ways.. NONE of
them works)
Does anyone know the correct syntax when dealing with
multiple CNs in a "prompt=no" scenario?
Thank you.
Zachary.
First try:
---------
[ req ]
default_bits = 1024
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = US
ST = Los Angeles
L = California
O = ZakDen
OU = IT Department
CN = imap.zakden.com
CN = mail.zakden.com
CN = smtp.zakden.com
emailAddress = [EMAIL PROTECTED]
Second Try:
-----------
[ req ]
default_bits = 1024
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = US
ST = Los Angeles
L = California
O = ZakDen
OU = IT Department
CN.1 = imap.zakden.com
CN.2 = mail.zakden.com
CN.3 = smtp.zakden.com
emailAddress = [EMAIL PROTECTED]
Third Try:
----------
[ req ]
default_bits = 1024
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = US
ST = Los Angeles
L = California
O = ZakDen
OU = IT Department
CN = @cnlist
emailAddress = [EMAIL PROTECTED]
[ cnlist ]
CN.1=imap.zakden.com
CN.2=mail.zakden.com
CN.3=smtp.zakden.com
__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
