Re: Automating Openssl commands

2003-06-06 Thread Kwan Hon Luen 
Hi,

How do I automate the signing of server certificate by a CA ?
without the following prompt:

(1) Enter PEM pass phrase:
(2) Sign the certificate?
(3) commit?

Thanks.
Hon Luen


F:\openssl_testopenssl ca -policy policy_anything -out
test_cert.pem -config test.conf -infiles test_new.pem
Using configuration from test.conf
Loading 'screen' into random state - done
Enter PEM pass phrase: 
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName   :PRINTABLE:'AU'
stateOrProvinceName   :PRINTABLE:'AU'
localityName  :PRINTABLE:'AU'
organizationName  :PRINTABLE:'TEST'
organizationalUnitName:PRINTABLE:'TEST'
commonName:PRINTABLE:'192.168.168.222'
Certificate is to be certified until Jun  5 08:25:47 2004 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated




- Original Message - 
From: Michael Czapski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 4:53 AM
Subject: RE: Automating Openssl commands


 You could try something like:

 echo [ req ]  abc\abc_csr.conf
 echo distinguished_name=req_distinguished_name  abc\abc_csr.conf
 echo req_extensions = v3_req   abc\abc_csr.conf
 echo prompt=no  abc\abc_csr.conf
 echo [ req_distinguished_name ]  abc\abc_csr.conf
 echo C=AU  abc\abc_csr.conf
 echo ST=New South Wales  abc\abc_csr.conf
 echo L=Sydney  abc\abc_csr.conf
 echo O=Doddgy Brothers Very Limited   abc\abc_csr.conf
 echo OU=Security Division  abc\abc_csr.conf
 echo [EMAIL PROTECTED]  abc\abc_csr.conf
 echo [EMAIL PROTECTED]  abc\abc_csr.conf
 echo [ v3_req ]  abc\abc_csr.conf
 echo basicConstraints = critical,CA:FALSE  abc\abc_csr.conf
 echo keyUsage = nonRepudiation, digitalSignature, keyEncipherment,
 dataEncipherment, keyAgreement  abc\abc_csr.conf
 echo extendedKeyUsage=emailProtection,clientAuth  abc\abc_csr.conf

 .\bin\openssl req -outform PEM -out abc\abc.pem.csr -key
 abc\abc.pem.private.key -keyform PEM -sha1 -days 700 -new -config
 abc\abc_csr.conf -passin pass:somepassphrase

 Cheers


  -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]  On Behalf Of Kwan Hon Luen
 Sent: Tuesday, June 03, 2003 5:31 PM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: Automating Openssl commands

 Hi ,

 Thanks.

 How do I automate the creation of certificate as well by supplying the
 following attributes?

 countryName
 stateOrProvinceName
 localityName
 organizationName
 organizationalUnitName
 commonName

 Thanks.

 Hon Luen



 - Original Message -
 From: Marcus Carey [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, June 03, 2003 3:23 PM
 Subject: Re: Automating Openssl commands


  Under the request section in the openssl.cnf file add the password
  parameters.
 
  [req]
  input_password =
  output_password =
 
  Marcus
 
  - Original Message -
  From: Kwan Hon Luen [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Monday, June 02, 2003 7:07 PM
  Subject: Automating Openssl commands
 
 
   Hi ,
  
   I am currently using Openssl to generate CA and server/client key
certs.
  
   Right now, the Openssl prompt me for password when generating CA
 key/cert:
  
   openssl req -new -x509 -days 3650 -keyout cakey.pem -out
   trusted_ca_cert.pem -config openssl.cnf
  
   (1) Is there a way to use the password as a parameter so that I can
 create
   the CA key/cert with just one command, without any password prompting?
  
   The command below is for generating client/server key/cert. It prompt
me
  for
   password, the CN, etc.
  
   openssl req -new -keyout test_key.pem -out test_request.pem -config
   openssl.cnf
  
   (2) Is there a way to use the password, CN,etc as parameters so that I
 can
   create the CA key/cert with just one command, without any password,
CN,
  etc
   prompting?
  
   The command below is for certifying the client/server cert using the
CA.
  It
   prompt me to approve the certifying.
  
   openssl ca -policy policy_anything -out test_cert.pem -config
   openssl.cnf -infiles test_new.pem
  
   (3) Is there a way to use parameter such that the command will not
 prompt
  me
   to confirm certifying the certificate?
  
   Thanks.
  
   Hon Luen
  
   __
   OpenSSL Project http://www.openssl.org
   User Support Mailing List[EMAIL PROTECTED]
   Automated List Manager   [EMAIL PROTECTED]
 
 
  ---
  Outgoing mail is certified Virus Free.
  Checked by AVG anti-virus system (http://www.grisoft.com).
  Version: 6.0.486 / Virus Database: 284 - Release Date: 5/30/2003
 
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing List

Automating Openssl commands

2003-06-03 Thread Kwan Hon Luen 
Hi ,

I am currently using Openssl to generate CA and server/client key certs.

Right now, the Openssl prompt me for password when generating CA key/cert:

openssl req -new -x509 -days 3650 -keyout cakey.pem -out
trusted_ca_cert.pem -config openssl.cnf

(1) Is there a way to use the password as a parameter so that I can create
the CA key/cert with just one command, without any password prompting?

The command below is for generating client/server key/cert. It prompt me for
password, the CN, etc.

openssl req -new -keyout test_key.pem -out test_request.pem -config
openssl.cnf

(2) Is there a way to use the password, CN,etc as parameters so that I can
create the CA key/cert with just one command, without any password, CN, etc
prompting?

The command below is for certifying the client/server cert using the CA. It
prompt me to approve the certifying.

openssl ca -policy policy_anything -out test_cert.pem -config
openssl.cnf -infiles test_new.pem

(3) Is there a way to use parameter such that the command will not prompt me
to confirm certifying the certificate?

Thanks.

Hon Luen

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]