Hi,
How do I automate the signing of server certificate by a CA ?
without the following prompt:
(1) Enter PEM pass phrase:
(2) Sign the certificate?
(3) commit?
Thanks.
Hon Luen
F:\openssl_testopenssl ca -policy policy_anything -out
test_cert.pem -config test.conf -infiles test_new.pem
Using configuration from test.conf
Loading 'screen' into random state - done
Enter PEM pass phrase:
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName :PRINTABLE:'AU'
stateOrProvinceName :PRINTABLE:'AU'
localityName :PRINTABLE:'AU'
organizationName :PRINTABLE:'TEST'
organizationalUnitName:PRINTABLE:'TEST'
commonName:PRINTABLE:'192.168.168.222'
Certificate is to be certified until Jun 5 08:25:47 2004 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
- Original Message -
From: Michael Czapski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 4:53 AM
Subject: RE: Automating Openssl commands
You could try something like:
echo [ req ] abc\abc_csr.conf
echo distinguished_name=req_distinguished_name abc\abc_csr.conf
echo req_extensions = v3_req abc\abc_csr.conf
echo prompt=no abc\abc_csr.conf
echo [ req_distinguished_name ] abc\abc_csr.conf
echo C=AU abc\abc_csr.conf
echo ST=New South Wales abc\abc_csr.conf
echo L=Sydney abc\abc_csr.conf
echo O=Doddgy Brothers Very Limited abc\abc_csr.conf
echo OU=Security Division abc\abc_csr.conf
echo [EMAIL PROTECTED] abc\abc_csr.conf
echo [EMAIL PROTECTED] abc\abc_csr.conf
echo [ v3_req ] abc\abc_csr.conf
echo basicConstraints = critical,CA:FALSE abc\abc_csr.conf
echo keyUsage = nonRepudiation, digitalSignature, keyEncipherment,
dataEncipherment, keyAgreement abc\abc_csr.conf
echo extendedKeyUsage=emailProtection,clientAuth abc\abc_csr.conf
.\bin\openssl req -outform PEM -out abc\abc.pem.csr -key
abc\abc.pem.private.key -keyform PEM -sha1 -days 700 -new -config
abc\abc_csr.conf -passin pass:somepassphrase
Cheers
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kwan Hon Luen
Sent: Tuesday, June 03, 2003 5:31 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Automating Openssl commands
Hi ,
Thanks.
How do I automate the creation of certificate as well by supplying the
following attributes?
countryName
stateOrProvinceName
localityName
organizationName
organizationalUnitName
commonName
Thanks.
Hon Luen
- Original Message -
From: Marcus Carey [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 3:23 PM
Subject: Re: Automating Openssl commands
Under the request section in the openssl.cnf file add the password
parameters.
[req]
input_password =
output_password =
Marcus
- Original Message -
From: Kwan Hon Luen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 02, 2003 7:07 PM
Subject: Automating Openssl commands
Hi ,
I am currently using Openssl to generate CA and server/client key
certs.
Right now, the Openssl prompt me for password when generating CA
key/cert:
openssl req -new -x509 -days 3650 -keyout cakey.pem -out
trusted_ca_cert.pem -config openssl.cnf
(1) Is there a way to use the password as a parameter so that I can
create
the CA key/cert with just one command, without any password prompting?
The command below is for generating client/server key/cert. It prompt
me
for
password, the CN, etc.
openssl req -new -keyout test_key.pem -out test_request.pem -config
openssl.cnf
(2) Is there a way to use the password, CN,etc as parameters so that I
can
create the CA key/cert with just one command, without any password,
CN,
etc
prompting?
The command below is for certifying the client/server cert using the
CA.
It
prompt me to approve the certifying.
openssl ca -policy policy_anything -out test_cert.pem -config
openssl.cnf -infiles test_new.pem
(3) Is there a way to use parameter such that the command will not
prompt
me
to confirm certifying the certificate?
Thanks.
Hon Luen
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.486 / Virus Database: 284 - Release Date: 5/30/2003
__
OpenSSL Project http://www.openssl.org
User Support Mailing List