Here is an OpenSSL command that I have had success with this in the past. openssl req -new -out certreq.pem -subj '/C=US/ST=Arizona/L=City/O=Organization/CN=My Common Name' -passout pass:password Of course this certificate request needs to be signed by the CA to become a valid certificate openssl ca -batch -keyfile cakey.pem -cert cacert.pem -key password -out cert.pem -infiles certreq.pem Note: The use of the -key option may not be a good idea, as it bares the Root Key password in cleartext. Similarly, the use of the -passout option in the first command bares the new private key password (corresponding to the new certificate). While this is not as big of deal as revealing the Root Key password, it is sitll a risk. However, this method allows one to create a certificate without input on the command line. Leaving either of these options out, OpenSSL will prompt you to type in the password. Also, any options that are not explicitly set via command line options (key length and algorithm, message digest, etc...) will be obtained from the config file. You can also go the other way with this and put all of the settings in the configuration file (passwords, subj, etc...). Hope this helps.
Ryan G Smith ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]