Thank you for the hint it is worth thinking about another approach but I think I am through (and tested) with all but the last line that is: openssl ca -in server.csr -out server.crt -config openssl.conf -passin pass:password and the only problem sees to be that "The commonName field needed to be supplied and was missing" And I do not see any error in the declaration of openssl.conf
-willi moser > > Hi, > > I thought that you want to automate all the commands without any > interactions via terminal. How about using the prompt no command? See > req manual in detail. > > -Kiyoshi > Kiyoshi Watanabe > > >> I want to automate keygen but I am getting the following error on >> openssl ca >> >> # ############################################ >> The Subjects Distinguished Name is as follows >> countryName :PRINTABLE:'US' >> stateOrProvinceName :PRINTABLE:'New Jersey' >> localityName :PRINTABLE:'New York' >> organizationName :PRINTABLE:'acme' >> organizationalUnitName:PRINTABLE:'acme' >> The commonName field needed to be supplied and was missing >> # ############################################ >> >> I tried it with supplied and match and buried myself in docs, man's >> and tests for days - without a clue.Thank you for your help in >> advance. >> >> >> willi moser, vienna >> >> >> Is there a way to write an easier openssl.conf like this? >> >> organizationName = acme >> organizationalUnitName = Marketing >> emailAddress = [EMAIL PROTECTED] >> emailAddress_max = 40 >> localityName = New York >> stateOrProvinceName = New Jersey >> countryName = US >> countryName_min = 2 >> countryName_max = 2 >> commonName = www.acme.com >> commonName_max = 64 >> >> >> >> >> >> # ############################################ >> #!/bin/sh >> >> openssl genrsa -out ca.private.key 1024 >> openssl req -new -x509 -days 3650 -key ca.private.key -out ca.crt >> -config ssl_csr.conf -passin pass:passwordopenssl x509 -in ca.crt -out >> iecert.crt -outform DER openssl genrsa -out server.key 1024 >> openssl req -new -key server.key -out server.csr -config ssl_csr.conf >> -passin pass:passwordmkdir -p demoCA/private >> cp ca.private.key demoCA/private/cakey.pem >> cp ca.crt demoCA/cacert.pem >> mkdir demoCA/newcerts >> touch demoCA/index.txt >> echo "01" > demoCA/serial >> # WE ARE HERE THE ABOVE WAS PASSED - OK >> --->> openssl ca -in server.csr -out server.crt -config openssl.conf >> -passin pass:password# ############################################ >> >> this is the openssl.conf >> >> # ############################################ >> dir = /etc/solver-www/ssl/demoCA >> >> [ ca ] >> default_ca = CA_default >> >> [ CA_default ] >> serial = $dir/serial >> database = $dir/index.txt >> new_certs_dir = $dir/newcerts >> certificate = $dir/cacert.pem >> private_key = $dir/private/cakey.pem >> default_days = 3650 >> default_md = md5 >> preserve = no >> email_in_dn = no >> nameopt = default_ca >> certopt = default_ca >> policy = policy_match >> >> [ policy_match ] >> countryName = match >> stateOrProvinceName = match >> organizationName = match >> organizationalUnitName = match >> commonName = supplied >> emailAddress = optional >> >> [ req ] >> default_bits = 1024 # Size of keys >> #default_keyfile = key.pem # Name of generated key >> default_keyfile = server.key # Name of generated key >> default_md = md5 # message digest algorithm >> string_mask = nombstr # permitted characters >> distinguished_name = req_distinguished_name >> req_extensions = v3_req >> >> [ req_distinguished_name ] >> # Variable name prompt string >> #-------------------------------------------------------------------------->> >> organizationName = acme >> organizationalUnitName = Marketing >> emailAddress = [EMAIL PROTECTED] >> emailAddress_max = 40 >> localityName = New York >> stateOrProvinceName = New Jersey >> countryName = US >> countryName_min = 2 >> countryName_max = 2 >> commonName = www.acme.com >> commonName_max = 64 >> >> # Default values for the above, for consistency and less typing. # >> Variable name Value >> #----------------------------- >> ------------------------------------------ organizationName_default >> = acme >> localityName_default = New York >> stateOrProvinceName_default = New Jersey >> countryName_default = US >> commonName_default = www.acme.com >> >> >> [ v3_ca ] >> basicConstraints = CA:TRUE >> subjectKeyIdentifier = hash >> authorityKeyIdentifier = keyid:always,issuer:always >> >> [ v3_req ] >> basicConstraints = CA:FALSE >> subjectKeyIdentifier = hash >> # ############################################ >> >> >> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List [EMAIL PROTECTED] >> Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
