Hi Zachary, > I am using openssl 0.96 on redhat 7.1. > > I am trying to write a script to generate CERTs for > me, since I have hundreds of servers to generate certs > for. Because of this I want to use the prompt=no > option for the openssl config file. However I have > multiple CN entries in my config file and I am not > sure how this translates to the "Prompt=no" format of > the config file, since the "prompt=no" takes a > different config file format.
You will have to generate a new temporary config file from a "master" config file each time you generate your new cert or CSR. You'd have something like: [ req ] default_bits = 1024 distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] C = US ST = Los Angeles L = California O = ZakDen OU = IT Department CN = %CURRENTCN% emailAddress = [EMAIL PROTECTED] Say this is "master.cnf". Then in the inner loop of your mass-generation script, you'd read "master.cnf", replace all occurrences of "%CURRENTCN%" with the name of the server and save it to, say, temp.cnf; then, use this config file to do the actual generation. -K. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
