From: [EMAIL PROTECTED]
rsalz> Has anyone added a "-dn" flag to the req command? This would make it much
rsalz> easier to write scripts that generate lots of requests. (Okay, maybe
rsalz> not a lot easier, since I could set up a config file that pointed to the
rsalz> environment, and then set env-vars, but that's a little roundabout...)
Hmm... Just a thought: How about hacking the appropriate sections of
openssl.cnf into your own copy, like this:
------------------------------ 8< ------------------------------
[ req ]
prompt = no
# ... rest of the key-value pairs...
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_value = $ENV::COUNTRY_NAME
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
stateOrProvinceName_value = $ENV::STATE_OR_PROVINCE
localityName = Locality Name (eg, city)
localityName_value = $ENV::LOCALITY_NAME
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
0.organizationName_value = $ENV::ORGANIZATION_NAME
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_value = $ENV::ORGANIZATION_UNIT_NAME
#organizationalUnitName_default =
commonName = Common Name (eg, YOUR name)
commonName_value = $ENV::COMMON_NAME
commonName_max = 64
emailAddress = Email Address
emailAddress_value = $ENV::EMAIL_ADDRESS
emailAddress_max = 40
------------------------------ 8< ------------------------------
and then have a script that does something like this (assume sh):
COUNTRY_NAME=AU STATE_OR_PROVINCE=Some-State LOCALITY_NAME= \
ORGANIZATION_NAME='Internet Widgits Pty Ltd' ORGANIZATION_UNIT_NAME= \
COMMON_NAME=www.foo.org EMAIL_ADDRESS= openssl req -config ./openssl.cnf \
{more args}
N.B.: I haven't tested this at all, it's just an idea. I leave the
testing to you :-).
--
Richard Levitte \ Spannv�gen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: A "-dn xxx" flag for the req command?
Richard Levitte - VMS Whacker Mon, 14 Aug 2000 10:16:44 -0700
- A "-dn xxx" flag for the req comma... rsalz
- RE: A "-dn xxx" flag for the ... Richard Levitte - VMS Whacker
- RE: A "-dn xxx" flag for the ... Svenning S�rensen
- RE: A "-dn xxx" flag for ... Svenning S�rensen
- Re: A "-dn xxx" flag for the ... Dr Stephen Henson
- Re: A "-dn xxx" flag for the ... Peter Sylvester
