On Thu, Oct 10, 2002, Zachary Denison wrote: > Hi, > > I am using openssl 0.96 on redhat 7.1. > > I am trying to write a script to generate CERTs for > me, since I have hundreds of servers to generate certs > for. Because of this I want to use the prompt=no > option for the openssl config file. However I have > multiple CN entries in my config file and I am not > sure how this translates to the "Prompt=no" format of > the config file, since the "prompt=no" takes a > different config file format. > > This is my original config file format (excerpt only): > > [ req ] > default_bits = 1024 > distinguished_name = req_DN > [ req_DN ] > 0.countryName = "1. Country Name > (2 letter code)" > 0.countryName_min = 2 > 0.countryName_max = 2 > 0.countryName_default = US > 0.stateOrProvinceName = "2. State or > Province Name (full name) " > 0.stateOrProvinceName_default = Los Angeles > 0.localityName = "3. Locality Name > (city name) " > 0.localityName_default = California > 0.organizationName = "4. Organization > Name (company name) " > 0.organizationName_default = ZakDen > 0.organizationalUnitName = "5. Organizational > Unit Name (department) " > 0.organizationalUnitName_default = IT Department > 0.commonName = "6. Common Name > (real fqdn) " > 0.commonName_max = 64 > 0.commonName_default = imap.zakden.com > 1.commonName = "6. Common Name > (real fqdn) " > 1.commonName_max = 64 > 1.commonName_default = mail.zakden.com > 2.commonName = "6. Common Name > (real fqdn) " > 2.commonName_max = 64 > 2.commonName_default = smtp.zakden.com > > > and below you can see what currently I have for my > "prompt=no" version of the file: > (note: I have tried SEVERAL different ways.. NONE of > them works) > > > Does anyone know the correct syntax when dealing with > multiple CNs in a "prompt=no" scenario? > Thank you. > > Zachary. > > > First try: > --------- > > [ req ] > default_bits = 1024 > distinguished_name = req_distinguished_name > prompt = no > [ req_distinguished_name ] > C = US > ST = Los Angeles > L = California > O = ZakDen > OU = IT Department > CN = imap.zakden.com > CN = mail.zakden.com > CN = smtp.zakden.com > emailAddress = [EMAIL PROTECTED] > > > Second Try: > ----------- > > [ req ] > default_bits = 1024 > distinguished_name = req_distinguished_name > prompt = no > [ req_distinguished_name ] > C = US > ST = Los Angeles > L = California > O = ZakDen > OU = IT Department > CN.1 = imap.zakden.com > CN.2 = mail.zakden.com > CN.3 = smtp.zakden.com > emailAddress = [EMAIL PROTECTED] > > > Third Try: > ---------- > > [ req ] > default_bits = 1024 > distinguished_name = req_distinguished_name > prompt = no > [ req_distinguished_name ] > C = US > ST = Los Angeles > L = California > O = ZakDen > OU = IT Department > CN = @cnlist > emailAddress = [EMAIL PROTECTED] > [ cnlist ] > CN.1=imap.zakden.com > CN.2=mail.zakden.com > CN.3=smtp.zakden.com > > > Did you try the same format as the original config file:
1.CN = x 2.CN = y 3.CN = z ? Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
