Hi, How do I automate the signing of server certificate by a CA ? without the following prompt:
(1) "Enter PEM pass phrase:" (2) "Sign the certificate?" (3) "commit?" Thanks. Hon Luen F:\openssl_test>openssl ca -policy policy_anything -out test_cert.pem -config test.conf -infiles test_new.pem Using configuration from test.conf Loading 'screen' into random state - done Enter PEM pass phrase: ******** Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'AU' stateOrProvinceName :PRINTABLE:'AU' localityName :PRINTABLE:'AU' organizationName :PRINTABLE:'TEST' organizationalUnitName:PRINTABLE:'TEST' commonName :PRINTABLE:'192.168.168.222' Certificate is to be certified until Jun 5 08:25:47 2004 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated ----- Original Message ----- From: "Michael Czapski" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, June 04, 2003 4:53 AM Subject: RE: Automating Openssl commands > You could try something like: > > echo [ req ] > abc\abc_csr.conf > echo distinguished_name=req_distinguished_name >> abc\abc_csr.conf > echo req_extensions = v3_req >> abc\abc_csr.conf > echo prompt=no >> abc\abc_csr.conf > echo [ req_distinguished_name ] >> abc\abc_csr.conf > echo C=AU >> abc\abc_csr.conf > echo ST=New South Wales >> abc\abc_csr.conf > echo L=Sydney >> abc\abc_csr.conf > echo O=Doddgy Brothers Very Limited >> abc\abc_csr.conf > echo OU=Security Division >> abc\abc_csr.conf > echo [EMAIL PROTECTED] >> abc\abc_csr.conf > echo [EMAIL PROTECTED] >> abc\abc_csr.conf > echo [ v3_req ] >> abc\abc_csr.conf > echo basicConstraints = critical,CA:FALSE >> abc\abc_csr.conf > echo keyUsage = nonRepudiation, digitalSignature, keyEncipherment, > dataEncipherment, keyAgreement >> abc\abc_csr.conf > echo extendedKeyUsage=emailProtection,clientAuth >> abc\abc_csr.conf > > .\bin\openssl req -outform PEM -out abc\abc.pem.csr -key > abc\abc.pem.private.key -keyform PEM -sha1 -days 700 -new -config > abc\abc_csr.conf -passin pass:somepassphrase > > Cheers > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kwan Hon Luen > Sent: Tuesday, June 03, 2003 5:31 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: Automating Openssl commands > > Hi , > > Thanks. > > How do I automate the creation of certificate as well by supplying the > following attributes? > > countryName > stateOrProvinceName > localityName > organizationName > organizationalUnitName > commonName > > Thanks. > > Hon Luen > > > > ----- Original Message ----- > From: "Marcus Carey" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, June 03, 2003 3:23 PM > Subject: Re: Automating Openssl commands > > > > Under the request section in the openssl.cnf file add the password > > parameters. > > > > [req] > > input_password = > > output_password = > > > > Marcus > > > > ----- Original Message ----- > > From: "Kwan Hon Luen" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Monday, June 02, 2003 7:07 PM > > Subject: Automating Openssl commands > > > > > > > Hi , > > > > > > I am currently using Openssl to generate CA and server/client key certs. > > > > > > Right now, the Openssl prompt me for password when generating CA > key/cert: > > > > > > openssl req -new -x509 -days 3650 -keyout cakey.pem -out > > > trusted_ca_cert.pem -config openssl.cnf > > > > > > (1) Is there a way to use the password as a parameter so that I can > create > > > the CA key/cert with just one command, without any password prompting? > > > > > > The command below is for generating client/server key/cert. It prompt me > > for > > > password, the CN, etc. > > > > > > openssl req -new -keyout test_key.pem -out test_request.pem -config > > > openssl.cnf > > > > > > (2) Is there a way to use the password, CN,etc as parameters so that I > can > > > create the CA key/cert with just one command, without any password, CN, > > etc > > > prompting? > > > > > > The command below is for certifying the client/server cert using the CA. > > It > > > prompt me to approve the certifying. > > > > > > openssl ca -policy policy_anything -out test_cert.pem -config > > > openssl.cnf -infiles test_new.pem > > > > > > (3) Is there a way to use parameter such that the command will not > prompt > > me > > > to confirm certifying the certificate? > > > > > > Thanks. > > > > > > Hon Luen > > > > > > ______________________________________________________________________ > > > OpenSSL Project http://www.openssl.org > > > User Support Mailing List [EMAIL PROTECTED] > > > Automated List Manager [EMAIL PROTECTED] > > > > > > --- > > Outgoing mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.486 / Virus Database: 284 - Release Date: 5/30/2003 > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
