hello,
i'm trying to prgramatically generate self-signed keys. here's a
fragment
of the script:
...
progress "creating a CSR with the RSA private key..."
#openssl req -new -key $SRVKEY -out $SRVCSR <<EOF
#US
#California
#San Diego
#zNET Internet Services
#Internet Mail and Web Services
#$HOST.$DOMAIN
#webmaster@$DOMAIN
#12345
#zNET Internet Services
#EOF
openssl req -new -key $SRVKEY -out $SRVCSR
progress "using CA to sign server CSR..."
cat > ca.config <<EOT
[ ca ]
default_ca = CA_own
[ CA_own ]
dir = .
certs = \$dir
new_certs_dir = \$dir
database = \$dir/index.txt
serial = \$dir/serial
RANDFILE = /var/log/syslog
certificate = \$dir/$CACRT
private_key = \$dir/$CAKEY
default_days = 365
default_crl_days = 30
default_md = md5
preserve = no
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOT
openssl ca -config ca.config -out $SRVCRT -infiles $SRVCSR
...
the command "openssl req" using input from a here document results
in "invalid signature" when i try to pull up a secure page. if i answer
the
questions directly, my self-signed certs work great.
solaris 8
apache-2.0.39
openssl-0.9.6.d
jack
--
{ihnp4,lll-crg,ames,pyramid}!ptsfa!jackb
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
